All the vulnerabilites related to Siemens - JT2Go
cve-2020-26998
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-238/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-857/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-857/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:11", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-857/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-857/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-857/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26998", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3159
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < 14.1.0.5 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.1.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "13.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.0.0.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.1.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinz and Nafiez reported these vulnerabilities to Siemens.\u00a0" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nThe APDFL.dll contains a stack-based buffer overflow vulnerability that \ncould be triggered while parsing specially crafted PDF files. This could\n allow an attacker to execute code in the context of the current \nprocess.\n\n" } ], "value": "The APDFL.dll contains a stack-based buffer overflow vulnerability that \ncould be triggered while parsing specially crafted PDF files. This could\n allow an attacker to execute code in the context of the current \nprocess.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:15:15.775Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nSiemens released updates for the affected products and recommends updating to the latest versions:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJT2Go: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\"\u003eUpdate to V14.1.0.5 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V13.3: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V13.3.0.8 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V14.0: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.0.0.4 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V14.1: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.1.0.5 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "Siemens released updates for the affected products and recommends updating to the latest versions:\n * JT2Go: Update to V14.1.0.5 or later version https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html .\u00a0\n\n * Teamcenter Visualization V13.3: Update to V13.3.0.8 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.0: Update to V14.0.0.4 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.5 or later version https://support.sw.siemens.com/ .\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eSiemens identified the following specific workaround and mitigation user can apply to reduce risk: \u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted PDF files in JT2Go and Teamcenter Visualization.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\"\u003eoperational guidelines for industrial security\u003c/a\u003e\u003c/p\u003e and following the recommendations in the product manuals. Siemens also provides \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eadditional information on industrial security\u003c/a\u003e.\u003cbr\u003e\nFor further inquiries on security vulnerabilities in Siemens products, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\"\u003eSiemens\u003c/a\u003e. \u003cbr\u003e\nFor more information, see the associated Siemens security advisory SSA-360681 in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/html/ssa-360681.html\"\u003eHTML \u003c/a\u003eand \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json\"\u003eCSAF\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": "Siemens identified the following specific workaround and mitigation user can apply to reduce risk: \n\n\n\n * Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.\n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security \n\n and following the recommendations in the product manuals. Siemens also provides additional information on industrial security https://www.siemens.com/industrialsecurity .\n\nFor further inquiries on security vulnerabilities in Siemens products, users should contact Siemens https://www.siemens.com/cert/advisories . \n\nFor more information, see the associated Siemens security advisory SSA-360681 in HTML https://cert-portal.siemens.com/productcert/html/ssa-360681.html and CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json .\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3159", "datePublished": "2023-01-13T00:15:15.775Z", "dateReserved": "2022-09-07T23:36:59.702Z", "dateUpdated": "2024-08-03T01:00:10.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38070
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:21.001Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38070", "datePublished": "2023-09-12T09:32:13.603Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:14.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34323
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-861/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-861/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:41", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-861/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-861/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-861/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34323", "datePublished": "2021-07-13T11:03:39", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44005
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:43", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44005", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44005", "datePublished": "2021-12-14T12:06:43", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41661
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.4 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.7" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:16:51.110Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41661", "datePublished": "2022-11-08T00:00:00", "dateReserved": "2022-09-27T00:00:00", "dateUpdated": "2024-08-03T12:49:43.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3160
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < 14.1.0.5 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.1.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "13.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.0.0.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.1.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinz and Nafiez reported these vulnerabilities to Siemens.\u00a0" } ], "datePublic": "2022-12-16T00:15:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nThe APDFL.dll contains an out-of-bounds write past the fixed-length \nheap-based buffer while parsing specially crafted PDF files. This could \nallow an attacker to execute code in the context of the current process.\n\n\n\n" } ], "value": "\nThe APDFL.dll contains an out-of-bounds write past the fixed-length \nheap-based buffer while parsing specially crafted PDF files. This could \nallow an attacker to execute code in the context of the current process.\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:16:30.069Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nSiemens released updates for the affected products and recommends updating to the latest versions:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJT2Go: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\"\u003eUpdate to V14.1.0.5 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V13.3: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V13.3.0.8 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V14.0: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.0.0.4 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V14.1: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.1.0.5 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "Siemens released updates for the affected products and recommends updating to the latest versions:\n * JT2Go: Update to V14.1.0.5 or later version https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html .\u00a0\n\n * Teamcenter Visualization V13.3: Update to V13.3.0.8 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.0: Update to V14.0.0.4 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.5 or later version https://support.sw.siemens.com/ .\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eSiemens identified the following specific workaround and mitigation user can apply to reduce risk: \u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted PDF files in JT2Go and Teamcenter Visualization.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\"\u003eoperational guidelines for industrial security\u003c/a\u003e\u003c/p\u003e and following the recommendations in the product manuals. Siemens also provides \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eadditional information on industrial security\u003c/a\u003e.\u003cbr\u003e\nFor further inquiries on security vulnerabilities in Siemens products, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\"\u003eSiemens\u003c/a\u003e. \u003cbr\u003e\nFor more information, see the associated Siemens security advisory SSA-360681 in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/html/ssa-360681.html\"\u003eHTML \u003c/a\u003eand \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json\"\u003eCSAF\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": "Siemens identified the following specific workaround and mitigation user can apply to reduce risk: \n\n\n\n * Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.\n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security \n\n and following the recommendations in the product manuals. Siemens also provides additional information on industrial security https://www.siemens.com/industrialsecurity .\n\nFor further inquiries on security vulnerabilities in Siemens products, users should contact Siemens https://www.siemens.com/cert/advisories . \n\nFor more information, see the associated Siemens security advisory SSA-360681 in HTML https://cert-portal.siemens.com/productcert/html/ssa-360681.html and CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json .\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3160", "datePublished": "2023-01-13T00:16:30.069Z", "dateReserved": "2022-09-07T23:37:57.515Z", "dateUpdated": "2024-08-03T01:00:10.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34324
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-862/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:50", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34324", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416: Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34324", "datePublished": "2021-07-13T11:03:40", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34300
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-846/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-846/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:53", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-846/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-846/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-846/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34300", "datePublished": "2021-07-13T11:03:17", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33122
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:34.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:15.483Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33122", "datePublished": "2023-06-13T08:17:15.483Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:34.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29030
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.3.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:47:08", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_value": "All versions \u003c V14.0.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29030", "datePublished": "2022-05-10T09:47:08", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:58.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44007
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193: Off-by-one Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:44", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44007", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-193: Off-by-one Error" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44007", "datePublished": "2021-12-14T12:06:44", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34086
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0001 |
||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "V14.1.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.3.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34086", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T15:19:05.198442Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:22:25.821Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:42:59.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0001), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.13), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.10), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.7), Teamcenter Visualization V2312 (All versions \u003c V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.\r\nThis could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:24:55.854Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-34086", "datePublished": "2024-05-14T10:03:10.774Z", "dateReserved": "2024-04-30T09:05:07.900Z", "dateUpdated": "2024-08-02T02:42:59.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34295
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-852/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-852/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:18", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-852/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-852/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-852/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34295", "datePublished": "2021-07-13T11:03:12", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28383
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-054/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-047/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-073/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:59.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-047/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Solid Edge SE2020", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2020MP12" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2021MP2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:25", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-047/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-28383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Solid Edge SE2020", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2020MP12" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2021MP2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-047/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-047/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-28383", "datePublished": "2021-01-12T20:18:35", "dateReserved": "2020-11-10T00:00:00", "dateUpdated": "2024-08-04T16:33:59.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32635
Vulnerability from cvelistv5
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.256", "status": "affected", "version": "35.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.0.208", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.1.173", "status": "affected", "version": "36.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32635", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:49.970409Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:27:51.096Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0005), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.10), Teamcenter Visualization V2312 (All versions \u003c V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:05.071Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32635", "datePublished": "2024-05-14T10:02:42.291Z", "dateReserved": "2024-04-16T10:52:15.707Z", "dateUpdated": "2024-08-13T07:54:05.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26277
Vulnerability from cvelistv5
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26277", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T19:51:56.120704Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:18.998Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:18.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.0", "vendor": "Siemens", "versions": [ { "lessThan": "V36.0.207", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.1", "vendor": "Siemens", "versions": [ { "lessThan": "V36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:03.735Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-26277", "datePublished": "2024-04-09T08:34:38.896Z", "dateReserved": "2024-02-15T10:54:03.168Z", "dateUpdated": "2024-08-13T07:54:03.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44006
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:43", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44006", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44006", "datePublished": "2021-12-14T12:06:43", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34329
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-867/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-867/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2021MP5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-867/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2021MP5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-867/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-867/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34329", "datePublished": "2021-07-13T11:03:45", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26990
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-055/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-055/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-055/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-055/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-055/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26990", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34326
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-864/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-864/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2021MP5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:59", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-864/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2021MP5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-864/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-864/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34326", "datePublished": "2021-07-13T11:03:42", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34315
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-844/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-844/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:28", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-844/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34315", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-844/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-844/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34315", "datePublished": "2021-07-13T11:03:32", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41283
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:43.378Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41283", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2069
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: unspecified < V13.3.0.5 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V13.3.0.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "lessThan": "V13.3.0.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "lessThan": "V14.0.0.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Siemens reported this vulnerability to CISA." } ], "descriptions": [ { "lang": "en", "value": "The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": " CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-20T00:00:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf" }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07" } ], "solutions": [ { "lang": "en", "value": "Siemens recommends updating to the latest version:\nTeamcenter Visualization V13.3: Update to version 13.3.0.5 or later\nTeamcenter Visualization V14.0: Currently no fix available.\nJT2Go V13.3.0.5: Update to version 13.3.0.5 or later\n\nFor more information see Siemens Security Advisory SSA-829738" } ], "source": { "discovery": "INTERNAL" }, "title": " Datalogics APDFL library Heap-based Buffer Overflow", "workarounds": [ { "lang": "en", "value": "Avoid opening untrusted files in JT2Go and Teamcenter Visualization\n\nAs a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u2019 and to follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found on Siemens\u2019 Industrial Security webpage.\n\nFor more information see Siemens Security Advisory SSA-829738" } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2069", "datePublished": "2022-10-20T00:00:00", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-08-03T00:24:44.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25174
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.opendesign.com/security-advisories | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-226/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:11.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25174", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.opendesign.com/security-advisories", "refsource": "MISC", "url": "https://www.opendesign.com/security-advisories" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25174", "datePublished": "2021-01-18T07:14:00", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-08-03T19:56:11.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26989
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-050/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Solid Edge SE2020", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2020MP12" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2021MP2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Solid Edge SE2020", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2020MP12" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2021MP2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26989", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41287
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-369", "description": "CWE-369: Divide By Zero", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:47.392Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41287", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34333
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "CWE-415: Double Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-13T11:03:48", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-415: Double Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34333", "datePublished": "2021-07-13T11:03:48", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34314
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-843/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-843/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:49", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-843/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-843/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-843/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34314", "datePublished": "2021-07-13T11:03:31", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34318
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-854/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-854/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:29", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-854/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-854/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-854/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34318", "datePublished": "2021-07-13T11:03:35", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33124
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:17.687Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33124", "datePublished": "2023-06-13T08:17:17.687Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:35.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33738
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-981/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:22.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-981/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.2), Teamcenter Visualization (All versions \u003c V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-14T10:47:39", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-981/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-33738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.2), Teamcenter Visualization (All versions \u003c V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-981/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-981/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-33738", "datePublished": "2021-08-10T10:35:33", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32938
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: All versions prior to 2022.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-980/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 2022.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "OUT-OF-BOUNDS READ CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-980/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32938", "datePublished": "2021-06-17T00:00:00", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:55.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29028
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.3.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:47:05", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_value": "All versions \u003c V14.0.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29028", "datePublished": "2022-05-10T09:47:05", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:58.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29033
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.3.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:47:12", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29033", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_value": "All versions \u003c V14.0.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-824: Access of Uninitialized Pointer" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29033", "datePublished": "2022-05-10T09:47:12", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:58.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27001
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-227/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27001", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27001", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34328
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-866/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-866/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2021MP5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:13", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-866/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2021MP5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-866/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-866/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34328", "datePublished": "2021-07-13T11:03:44", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26993
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26993", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26993", "datePublished": "2021-01-12T20:18:35", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34292
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-871/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-871/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:04", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-871/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-871/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-871/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34292", "datePublished": "2021-07-13T11:03:08", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44008
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:45", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44008", "datePublished": "2021-12-14T12:06:45", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26988
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-049/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-049/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-049/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-049/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-049/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26988", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38074
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:26.239Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38074", "datePublished": "2023-09-12T09:32:17.948Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:14.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44014
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.1.1.0" } ] }, { "defaultStatus": "unknown", "product": "JT Utilities", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.1.0" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2023" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.1.1.0), JT Utilities (All versions \u003c V13.1.1.0), Solid Edge (All versions \u003c V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T11:39:18.959Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44014", "datePublished": "2021-12-14T12:06:50", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27007
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-234/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-233/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-234/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-233/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:25", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-234/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-233/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27007", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-234/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-234/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-233/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-233/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27007", "datePublished": "2021-02-09T15:38:20", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34307
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-836/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-836/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:36", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-836/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34307", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-836/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-836/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34307", "datePublished": "2021-07-13T11:03:24", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27003
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-229/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-229/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822: Untrusted Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-229/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27003", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822: Untrusted Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-229/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-229/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27003", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34331
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-869/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-869/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:51", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-869/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-869/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-869/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34331", "datePublished": "2021-07-13T11:03:47", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38683
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.5 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38683", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T13:15:58.316782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T13:16:08.622Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.14" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.14), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.10), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:48.395Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38683", "datePublished": "2023-08-08T09:20:48.395Z", "dateReserved": "2023-07-24T13:55:32.997Z", "dateUpdated": "2024-10-11T13:16:08.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32946
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02 | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-983/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-985/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: Version 2022.4 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Version 2022.4 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:31", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Drawings SDK", "version": { "version_data": [ { "version_value": "Version 2022.4 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32946", "datePublished": "2021-06-17T11:56:39", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:55.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26275
Vulnerability from cvelistv5
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.254", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "36.0.207", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "14.2", "versionType": "custom" }, { "lessThan": "14.3.0.9", "status": "affected", "version": "14.3", "versionType": "custom" }, { "lessThan": "2312.0004", "status": "affected", "version": "2312", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26275", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T15:24:40.222186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T18:33:02.344Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.0", "vendor": "Siemens", "versions": [ { "lessThan": "V36.0.207", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.1", "vendor": "Siemens", "versions": [ { "lessThan": "V36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:00.911Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-26275", "datePublished": "2024-04-09T08:34:36.604Z", "dateReserved": "2024-02-15T10:54:03.168Z", "dateUpdated": "2024-08-13T07:54:00.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27005
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-231/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-231/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:25", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-231/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27005", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-231/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-231/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27005", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38071
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38071", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T21:17:44.338467Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T21:17:56.790Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:22.297Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38071", "datePublished": "2023-09-12T09:32:14.673Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-11-25T21:17:56.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41663
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.4 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.7" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:16:53.179Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41663", "datePublished": "2022-11-08T00:00:00", "dateReserved": "2022-09-27T00:00:00", "dateUpdated": "2024-08-03T12:49:43.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27000
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-237/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-237/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-237/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27000", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-237/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-237/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27000", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44004
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:42", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44004", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44004", "datePublished": "2021-12-14T12:06:42", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26996
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-062/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26996", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26996", "datePublished": "2021-01-12T20:18:35", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41280
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:40.259Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41280", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25177
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.opendesign.com/security-advisories | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-219/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:10.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25177", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.opendesign.com/security-advisories", "refsource": "MISC", "url": "https://www.opendesign.com/security-advisories" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25177", "datePublished": "2021-01-18T07:13:37", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-08-03T19:56:10.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44017
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-011/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T14:06:12", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-011/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-011/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-011/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44017", "datePublished": "2021-12-14T12:06:51", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43336
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:55:28.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-334/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.opendesign.com/security-advisories" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-334/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43336", "datePublished": "2021-11-14T00:00:00", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2024-08-04T03:55:28.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34312
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-841/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-841/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:31", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-841/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-841/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-841/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34312", "datePublished": "2021-07-13T11:03:29", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32940
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: All versions prior to 2022.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-986/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 2022.4" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "OUT-OF-BOUNDS READ CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:00:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-986/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32940", "datePublished": "2021-06-17T00:00:00", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41285
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:45.408Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41285", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41279
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:39.221Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41279", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44011
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-007/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T14:06:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-007/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-007/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44011", "datePublished": "2021-12-14T12:06:47", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26276
Vulnerability from cvelistv5
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.254", "status": "affected", "version": "35.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.0.207", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.1.147", "status": "affected", "version": "36.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26276", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:40:25.505191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T14:53:58.636Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:18.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.0", "vendor": "Siemens", "versions": [ { "lessThan": "V36.0.207", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.1", "vendor": "Siemens", "versions": [ { "lessThan": "V36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:02.376Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-26276", "datePublished": "2024-04-09T08:34:37.744Z", "dateReserved": "2024-02-15T10:54:03.168Z", "dateUpdated": "2024-08-13T07:54:02.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34330
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-868/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-868/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:21", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-868/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416: Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-868/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-868/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34330", "datePublished": "2021-07-13T11:03:46", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34303
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-848/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-848/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:22", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-848/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-848/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-848/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34303", "datePublished": "2021-07-13T11:03:20", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41288
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:46.202Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:48.369Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41288", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:46.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34299
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-845/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-845/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:07", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-845/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-845/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-845/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34299", "datePublished": "2021-07-13T11:03:16", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51745
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:17.032Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51745", "datePublished": "2024-01-09T10:00:17.032Z", "dateReserved": "2023-12-22T11:30:22.671Z", "dateUpdated": "2024-08-02T22:40:34.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34305
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-833/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-834/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-833/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-834/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-833/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-834/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34305", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-833/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-833/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-834/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-834/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34305", "datePublished": "2021-07-13T11:03:22", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34310
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-839/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.418Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-839/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:54", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-839/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34310", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-839/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-839/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34310", "datePublished": "2021-07-13T11:03:27", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34306
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-835/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-835/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:48", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-835/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34306", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-835/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-835/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34306", "datePublished": "2021-07-13T11:03:23", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26994
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26994", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26994", "datePublished": "2021-01-12T20:18:35", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44009
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44009", "datePublished": "2021-12-14T12:06:46", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38076
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.747Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:28.851Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38076", "datePublished": "2023-09-12T09:32:20.160Z", "dateReserved": "2023-07-12T13:18:53.823Z", "dateUpdated": "2024-08-02T17:30:13.747Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32950
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02 | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-988/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: All versions prior to 2022.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-988/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 2022.4" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "OUT-OF-BOUNDS READ CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:20", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-988/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Drawings SDK", "version": { "version_data": [ { "version_value": "All versions prior to 2022.4" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OUT-OF-BOUNDS READ CWE-125" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-988/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-988/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32950", "datePublished": "2021-06-17T12:41:51", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44015
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-010/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T14:06:26", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-010/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-010/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-010/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44015", "datePublished": "2021-12-14T12:06:50", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34085
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0001 |
||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.1.0.13", "status": "affected", "version": "14.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.2.0.10", "status": "affected", "version": "14.2", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "2312.0001", "status": "affected", "version": "2312", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34085", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T14:07:42.511828Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:03:43.492Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:42:59.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0001), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.13), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.10), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.7), Teamcenter Visualization V2312 (All versions \u003c V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:24:54.668Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-34085", "datePublished": "2024-05-14T10:03:09.574Z", "dateReserved": "2024-04-30T09:05:07.900Z", "dateUpdated": "2024-08-02T02:42:59.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34319
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-855/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-855/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-855/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34319", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-855/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-855/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34319", "datePublished": "2021-07-13T11:03:36", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26982
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-052/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-052/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-052/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26982", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-052/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-052/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26982", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26984
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-051/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-051/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-051/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26984", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-051/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-051/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26984", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38075
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:27.558Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38075", "datePublished": "2023-09-12T09:32:19.039Z", "dateReserved": "2023-07-12T13:18:53.823Z", "dateUpdated": "2024-08-02T17:30:13.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25175
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.opendesign.com/security-advisories | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-245/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-246/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-244/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-223/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-224/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-218/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:10.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-245/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-246/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-244/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-223/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-224/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-245/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-246/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-244/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-223/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-224/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.opendesign.com/security-advisories", "refsource": "MISC", "url": "https://www.opendesign.com/security-advisories" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-245/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-245/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-246/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-246/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-244/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-244/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-223/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-223/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-224/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-224/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25175", "datePublished": "2021-01-18T07:13:53", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-08-03T19:56:10.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34316
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-849/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-849/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:38", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-849/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34316", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-849/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-849/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34316", "datePublished": "2021-07-13T11:03:33", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34317
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-853/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-853/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:39", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-853/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-853/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-853/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34317", "datePublished": "2021-07-13T11:03:34", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44010
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44010", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44010", "datePublished": "2021-12-14T12:06:46", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25173
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.opendesign.com/security-advisories | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-225/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:10.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25173", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.opendesign.com/security-advisories", "refsource": "MISC", "url": "https://www.opendesign.com/security-advisories" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25173", "datePublished": "2021-01-18T07:14:10", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-08-03T19:56:10.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3161
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < 14.1.0.5 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.1.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "13.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.0.0.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens\u00a0", "versions": [ { "lessThan": "14.1.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinz and Nafiez reported these vulnerabilities to Siemens.\u00a0" } ], "datePublic": "2022-12-16T00:15:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\nThe APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process.\n\n\n\n\n\n" } ], "value": "\n\nThe APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process.\n\n\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:17:06.310Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nSiemens released updates for the affected products and recommends updating to the latest versions:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJT2Go: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\"\u003eUpdate to V14.1.0.5 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V13.3: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V13.3.0.8 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V14.0: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.0.0.4 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization V14.1: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.1.0.5 or later version\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "Siemens released updates for the affected products and recommends updating to the latest versions:\n * JT2Go: Update to V14.1.0.5 or later version https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html .\u00a0\n\n * Teamcenter Visualization V13.3: Update to V13.3.0.8 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.0: Update to V14.0.0.4 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.5 or later version https://support.sw.siemens.com/ .\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eSiemens identified the following specific workaround and mitigation user can apply to reduce risk: \u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted PDF files in JT2Go and Teamcenter Visualization.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\"\u003eoperational guidelines for industrial security\u003c/a\u003e\u003c/p\u003e and following the recommendations in the product manuals. Siemens also provides \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eadditional information on industrial security\u003c/a\u003e.\u003cbr\u003e\nFor further inquiries on security vulnerabilities in Siemens products, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\"\u003eSiemens\u003c/a\u003e. \u003cbr\u003e\nFor more information, see the associated Siemens security advisory SSA-360681 in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/html/ssa-360681.html\"\u003eHTML \u003c/a\u003eand \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json\"\u003eCSAF\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": "Siemens identified the following specific workaround and mitigation user can apply to reduce risk: \n\n\n\n * Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.\n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security \n\n and following the recommendations in the product manuals. Siemens also provides additional information on industrial security https://www.siemens.com/industrialsecurity .\n\nFor further inquiries on security vulnerabilities in Siemens products, users should contact Siemens https://www.siemens.com/cert/advisories . \n\nFor more information, see the associated Siemens security advisory SSA-360681 in HTML https://cert-portal.siemens.com/productcert/html/ssa-360681.html and CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json .\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3161", "datePublished": "2023-01-13T00:17:06.310Z", "dateReserved": "2022-09-07T23:38:34.248Z", "dateUpdated": "2024-08-03T01:00:10.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34327
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-865/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-865/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c SE2021MP5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:36", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-865/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All Versions \u003c SE2021MP5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-865/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-865/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34327", "datePublished": "2021-07-13T11:03:43", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34293
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-850/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-850/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:59", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-850/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-850/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-850/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34293", "datePublished": "2021-07-13T11:03:10", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44016
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-338/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.7 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2021MP9" } ] }, { "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2022MP1" } ] }, { "product": "Teamcenter Visualization V13.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.9" } ] }, { "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T09:21:27", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All versions \u003c SE2021MP9" } ] } }, { "product_name": "Solid Edge SE2022", "version": { "version_data": [ { "version_value": "All versions \u003c SE2022MP1" } ] } }, { "product_name": "Teamcenter Visualization V13.1", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.9" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44016", "datePublished": "2022-02-09T15:17:09", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25176
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.opendesign.com/security-advisories | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-221/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-222/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:10.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-221/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-222/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-221/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-222/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.opendesign.com/security-advisories", "refsource": "MISC", "url": "https://www.opendesign.com/security-advisories" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-221/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-221/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-222/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-222/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25176", "datePublished": "2021-01-18T07:13:46", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-08-03T19:56:10.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38405
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < 13.2.0.7 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "13.2.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "lessThan": "12.4.0.13", "status": "affected", "version": "12.4", "versionType": "custom" }, { "lessThan": "13.1.0.8", "status": "affected", "version": "13.1", "versionType": "custom" }, { "lessThan": "13.2.0.7", "status": "affected", "version": "13.2", "versionType": "custom" }, { "lessThan": "13.3.0.1", "status": "affected", "version": "13.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Mat Powell of Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to Siemens and CISA." } ], "datePublic": "2022-06-16T16:46:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition\u0026nbsp;while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code\u0026nbsp;in the context of the current process." } ], "value": "The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition\u00a0while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code\u00a0in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T18:19:10.557Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eSiemens has released updates for some of the affected products and \nrecommends updating to the latest versions. Siemens is preparing further\n updates and recommends specific countermeasures for products where \nupdates are not yet available.\u003c/p\u003e\n\u003cul\u003e\u003cli\u003eJT2Go: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\"\u003eUpdate to v13.2.0.7\u003c/a\u003e\u0026nbsp;or later version\u003c/li\u003e\u003cli\u003eTeamcenter Visualization v13.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to v13.1.0.9 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization v13.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to v13.2.0.7 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTeamcenter Visualization v13.3: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to v13.3.0.1 or later version\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePlease see Siemens security advisory \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf\"\u003eSSA-301589\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efor more information.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e" } ], "value": "Siemens has released updates for some of the affected products and \nrecommends updating to the latest versions. Siemens is preparing further\n updates and recommends specific countermeasures for products where \nupdates are not yet available.\n\n\n * JT2Go: Update to v13.2.0.7 https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html \u00a0or later version\n * Teamcenter Visualization v13.1: Update to v13.1.0.9 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization v13.2: Update to v13.2.0.7 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization v13.3: Update to v13.3.0.1 or later version https://support.sw.siemens.com/ \n\n\n\nPlease see Siemens security advisory SSA-301589 https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf \u00a0for more information." } ], "source": { "discovery": "EXTERNAL" }, "title": "Siemens Solid Edge, JT2Go, and Teamcenter Visualization Improper Restriction of Operations within the Bounds of a Memory Buffer", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eSiemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:\u003c/p\u003e\n\u003cul\u003e\u003cli\u003eAvoid opening untrusted files from unknown sources in affected products.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAs a general security measure, Siemens strongly recommends \nprotecting network access to devices with appropriate mechanisms. In \norder to operate the devices in a protected IT environment, Siemens \nrecommends configuring the environment according to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf\"\u003eSiemens\u2019 operational guidelines for industrial security\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e, and to follow the recommendations in the product manuals.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003eAdditional information on industrial security by Siemens can be found on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eSiemens industrial security webpage\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003ePlease see Siemens security advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf\"\u003eSSA-301589\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003efor more information.\u003c/span\u003e\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:\n\n\n * Avoid opening untrusted files from unknown sources in affected products.\n\n\n\nAs a general security measure, Siemens strongly recommends \nprotecting network access to devices with appropriate mechanisms. In \norder to operate the devices in a protected IT environment, Siemens \nrecommends configuring the environment according to Siemens\u2019 operational guidelines for industrial security https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf , and to follow the recommendations in the product manuals.\n\n\nAdditional information on industrial security by Siemens can be found on the Siemens industrial security webpage https://www.siemens.com/industrialsecurity .\n\n\nPlease see Siemens security advisory SSA-301589 https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf \u00a0for more information." } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38405", "datePublished": "2023-11-21T18:19:10.557Z", "dateReserved": "2021-08-10T19:21:41.085Z", "dateUpdated": "2024-08-04T01:37:16.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27006
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-232/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-232/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:25", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-232/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27006", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-232/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-232/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27006", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27008
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-235/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-235/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:25", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-235/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-235/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-235/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27008", "datePublished": "2021-02-09T15:38:20", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32936
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: All versions prior to 2022.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-982/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 2022.4" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "OUT-OF-BOUNDS WRITE CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-982/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32936", "datePublished": "2021-06-17T00:00:00", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26981
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-048/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26981", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-611: Improper Restriction of XML External Entity Reference" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26981", "datePublished": "2021-01-12T20:18:33", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29031
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.3.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:47:09", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_value": "All versions \u003c V14.0.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29031", "datePublished": "2022-05-10T09:47:09", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:58.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41282
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:42.354Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41282", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26999
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-239/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-860/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-860/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:27", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-860/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26999", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-860/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-860/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26999", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26985
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-058/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-056/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-058/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-056/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-058/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-056/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-058/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-058/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-056/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-056/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26985", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34294
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-851/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-851/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:41", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-851/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-851/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-851/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34294", "datePublished": "2021-07-13T11:03:11", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27002
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-228/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27002", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1709
Vulnerability from cvelistv5
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < 14.2.0.2 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens ", "versions": [ { "lessThan": "14.2.0.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization", "vendor": "Siemens ", "versions": [ { "lessThan": "13.2.0.13", "status": "affected", "version": "13.2", "versionType": "custom" }, { "lessThan": "13.3.0.9", "status": "affected", "version": "13.3", "versionType": "custom" }, { "lessThan": "14.0.0.5", "status": "affected", "version": "14.0", "versionType": "custom" }, { "lessThan": "14.1.0.7", "status": "affected", "version": "14.1", "versionType": "custom" }, { "lessThan": "14.2.0.2", "status": "affected", "version": "14.2", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Library APDFL", "vendor": "Datalogics", "versions": [ { "lessThanOrEqual": "v18.0.4PlusP1e", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to Siemens. " } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nDatalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.\n\n \n\n" } ], "value": "\nDatalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.\n\n \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-14T20:17:02.964Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cdiv\u003eSiemens has released updates for the affected products and recommends updating to the latest versions:\u003c/div\u003e\u003cul\u003e\u003cli\u003eJT2Go: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\"\u003eUpdate to V14.2.0.2\u003c/a\u003e or later version\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V13.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V13.2.0.13\u003c/a\u003e\u0026nbsp; or later version \u003c/li\u003e\u003cli\u003eTeamcenter Visualization V13.3: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V13.3.0.9\u003c/a\u003e\u0026nbsp; or later version \u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.0.0.5\u003c/a\u003e\u0026nbsp; or later version \u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.1.0.7\u003c/a\u003e\u0026nbsp; or later version \u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eUpdate to V14.2.0.2\u003c/a\u003e\u0026nbsp; or later version \n\n\u003c/li\u003e\u003c/ul\u003e" } ], "value": "Siemens has released updates for the affected products and recommends updating to the latest versions:\n\n * JT2Go: Update to V14.2.0.2 https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html or later version\n * Teamcenter Visualization V13.2: Update to V13.2.0.13 https://support.sw.siemens.com/ \u00a0 or later version \n * Teamcenter Visualization V13.3: Update to V13.3.0.9 https://support.sw.siemens.com/ \u00a0 or later version \n * Teamcenter Visualization V14.0: Update to V14.0.0.5 https://support.sw.siemens.com/ \u00a0 or later version \n * Teamcenter Visualization V14.1: Update to V14.1.0.7 https://support.sw.siemens.com/ \u00a0 or later version \n * Teamcenter Visualization V14.2: Update to V14.2.0.2 https://support.sw.siemens.com/ \u00a0 or later version \n\n\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "title": "Datalogics Library APDFL Stack-based Buffer Overflow", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eSiemens has identified the following specific workarounds and mitigations that users can apply to reduce risks: \u003c/p\u003e\n\u003cul\u003e\u003cli\u003eAvoid opening untrusted files in JT2Go and Teamcenter Visualization \u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\"\u003eoperational guidelines for industrial security\u003c/a\u003e,\n and to follow the recommendations in the product manuals. Additional \ninformation on industrial security by Siemens can be found at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eSiemens Industrial Security web page\u003c/a\u003e. \n\u003c/p\u003e\u003cp\u003eFor further inquiries on security vulnerabilities in Siemens products and solutions, users should contact the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\"\u003eSiemens ProductCERT\u003c/a\u003e.\u003c/p\u003e" } ], "value": "Siemens has identified the following specific workarounds and mitigations that users can apply to reduce risks: \n\n\n * Avoid opening untrusted files in JT2Go and Teamcenter Visualization \n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens\u0027 operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security ,\n and to follow the recommendations in the product manuals. Additional \ninformation on industrial security by Siemens can be found at the Siemens Industrial Security web page https://www.siemens.com/industrialsecurity . \n\n\nFor further inquiries on security vulnerabilities in Siemens products and solutions, users should contact the Siemens ProductCERT https://www.siemens.com/cert/advisories .\n\n" }, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eDatalogics recommends users to update to APDFL v18.0.4PlusP1g. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.datalogics.com/datalogics-contact-us\"\u003eContact Datalogics\u003c/a\u003e\u0026nbsp;for more information on obtaining this update.\u003c/p\u003e\u003cp\u003eFor more information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dev.datalogics.com/adobe-pdf-library/release-notes-adobe-pdf-library-v-18/\"\u003eDatalogic\u2019s release notes\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Datalogics recommends users to update to APDFL v18.0.4PlusP1g. Contact Datalogics https://www.datalogics.com/datalogics-contact-us \u00a0for more information on obtaining this update.\n\nFor more information, refer to Datalogic\u2019s release notes https://dev.datalogics.com/adobe-pdf-library/release-notes-adobe-pdf-library-v-18/ .\n\n\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-1709", "datePublished": "2023-06-07T20:36:05.055Z", "dateReserved": "2023-03-29T22:59:38.901Z", "dateUpdated": "2024-08-02T05:57:25.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38073
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.105Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:24.893Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38073", "datePublished": "2023-09-12T09:32:16.855Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:14.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26983
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-054/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26983", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26983", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33121
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:14.419Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33121", "datePublished": "2023-06-13T08:17:14.419Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:35.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28394
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-236/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:59.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-236/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:25", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-236/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-28394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-236/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-236/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-28394", "datePublished": "2021-02-09T15:38:20", "dateReserved": "2020-11-10T00:00:00", "dateUpdated": "2024-08-04T16:33:59.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41662
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.4 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.689Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.7" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:16:52.143Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41662", "datePublished": "2022-11-08T00:00:00", "dateReserved": "2022-09-27T00:00:00", "dateUpdated": "2024-08-03T12:49:43.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33717
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:22.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.1), Teamcenter Visualization (All versions \u003c V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-10T10:35:31", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-33717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.1), Teamcenter Visualization (All versions \u003c V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-33717", "datePublished": "2021-08-10T10:35:31", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32948
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: All versions prior to 2022.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-984/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 2022.4" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "OUT-OF-BOUNDS WRITE CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-984/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32948", "datePublished": "2021-06-17T00:00:00", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41286
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:45.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:46.397Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41286", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:45.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37996
Vulnerability from cvelistv5
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT Open |
Version: 0 < V11.5 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37996", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T18:31:15.685735Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T18:31:24.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "PLM XML SDK", "vendor": "Siemens", "versions": [ { "lessThan": "V7.1.0.014", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0008", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2406", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.5), JT2Go (All versions \u003c V2406.0003), PLM XML SDK (All versions \u003c V7.1.0.014), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.13), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.11), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:13.781Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37996", "datePublished": "2024-07-09T12:05:04.781Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-10-08T08:40:13.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44000
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-335/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.7 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2021MP9" } ] }, { "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2022MP1" } ] }, { "product": "Teamcenter Visualization V13.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.9" } ] }, { "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T09:21:26", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44000", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All versions \u003c SE2021MP9" } ] } }, { "product_name": "Solid Edge SE2022", "version": { "version_data": [ { "version_value": "All versions \u003c SE2022MP1" } ] } }, { "product_name": "Teamcenter Visualization V13.1", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.9" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44000", "datePublished": "2022-02-09T15:17:07", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33123
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:16.585Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33123", "datePublished": "2023-06-13T08:17:16.585Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:35.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44012
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-008/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T14:06:09", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-008/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44012", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-008/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-008/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44012", "datePublished": "2021-12-14T12:06:48", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34302
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-847/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-847/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:44", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-847/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-847/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-847/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34302", "datePublished": "2021-07-13T11:03:19", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28830
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.5 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28830", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:48:40.205775Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:49:54.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0 Update 13" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0 Update 4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.15" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Solid Edge SE2022 (All versions \u003c V222.0 Update 13), Solid Edge SE2023 (All versions \u003c V223.0 Update 4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.15), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.11), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:17.760Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-28830", "datePublished": "2023-08-08T09:20:17.760Z", "dateReserved": "2023-03-24T15:17:33.934Z", "dateUpdated": "2024-10-23T19:49:54.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51746
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:48:11.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-51746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T15:13:57.367529Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T15:14:05.889Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:18.333Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51746", "datePublished": "2024-01-09T10:00:18.333Z", "dateReserved": "2023-12-22T11:30:22.672Z", "dateUpdated": "2024-09-04T15:14:05.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26980
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-046/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-046/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-046/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26980", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-046/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-046/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26980", "datePublished": "2021-01-12T20:18:33", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41281
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:41.331Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41281", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44001
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-004/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T14:06:14", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44001", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-004/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44001", "datePublished": "2021-12-14T12:06:40", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44002
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.1.1.0" } ] }, { "defaultStatus": "unknown", "product": "JT Utilities", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.1.0" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2023" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.1.1.0), JT Utilities (All versions \u003c V13.1.1.0), Solid Edge (All versions \u003c V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T11:39:17.904Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44002", "datePublished": "2021-12-14T12:06:41", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34298
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-872/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:15", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416: Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34298", "datePublished": "2021-07-13T11:03:15", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29029
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.3.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:47:06", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29029", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_value": "All versions \u003c V14.0.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29029", "datePublished": "2022-05-10T09:47:06", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:58.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34322
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-859/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-859/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:09", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-859/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-859/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-859/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34322", "datePublished": "2021-07-13T11:03:38", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34301
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-873/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:32", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416: Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34301", "datePublished": "2021-07-13T11:03:18", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32637
Vulnerability from cvelistv5
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32637", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:33.414539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T18:07:35.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0005), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.10), Teamcenter Visualization V2312 (All versions \u003c V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:07.678Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32637", "datePublished": "2024-05-14T10:02:44.682Z", "dateReserved": "2024-04-16T10:52:15.707Z", "dateUpdated": "2024-08-13T07:54:07.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34297
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-832/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-832/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:16", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-832/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-832/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-832/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34297", "datePublished": "2021-07-13T11:03:14", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41660
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.4 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.7" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:16:50.033Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41660", "datePublished": "2022-11-08T00:00:00", "dateReserved": "2022-09-27T00:00:00", "dateUpdated": "2024-08-03T12:49:43.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44003
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T12:06:41", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44003", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-457: Use of Uninitialized Variable" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44003", "datePublished": "2021-12-14T12:06:41", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27004
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-230/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.1 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-230/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-230/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-27004", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-230/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-230/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27004", "datePublished": "2021-02-09T15:38:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41284
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:44.392Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41284", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34313
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-842/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-842/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:26", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-842/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-842/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-842/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34313", "datePublished": "2021-07-13T11:03:30", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7066
Vulnerability from cvelistv5
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V14.3.0.8 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.1.0.14", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2312.0002", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-7066", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T13:56:38.749766Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:02:45.201Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.14", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "V14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "V2312.0002", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "MoyunSec reported this vulnerability to Siemens." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess." } ], "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-12T21:46:38.910Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\nSiemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTeamcenter Visualization V14.1: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV14.1.0.14 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.2: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV14.2.0.10 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eJT2Go: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/\"\u003eV14.3.0.8 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.3: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV14.3.0.8 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V2312: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV2312.0002 or later version\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\nFor more information see the associated Siemens security advisory SSA-722010\n\n\n\n\u003cbr\u003e" } ], "value": "Siemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.14 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V14.2: Update to V14.2.0.10 or later version https://support.sw.siemens.com/ \n * JT2Go: Update to V14.3.0.8 or later version https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/ \n * Teamcenter Visualization V14.3: Update to V14.3.0.8 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V2312: Update to V2312.0002 or later version https://support.sw.siemens.com/ \n\n\n\nFor more information see the associated Siemens security advisory SSA-722010" } ], "source": { "advisory": "ICSA-24-193-03", "discovery": "EXTERNAL" }, "title": "Siemens Teamcenter Visualization and JT2Go Out-of-bounds Read", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eTo reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\"\u003eSiemens\u0027 operational guidelines for industrial security\u003c/a\u003e and following recommendations in the product manuals.\u003c/p\u003e\n\u003cp\u003eAdditional information on industrial security by Siemens can be found on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eSiemens industrial security webpage\u003c/a\u003e\u003c/p\u003eFor more information see the associated Siemens security advisory SSA-722010\n\n\u003cbr\u003e" } ], "value": "To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\n\n\n\n\n\n\nAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to Siemens\u0027 operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security and following recommendations in the product manuals.\n\n\nAdditional information on industrial security by Siemens can be found on the Siemens industrial security webpage https://www.siemens.com/industrialsecurity \n\nFor more information see the associated Siemens security advisory SSA-722010" } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-7066", "datePublished": "2024-08-12T21:46:38.910Z", "dateReserved": "2023-12-21T19:40:53.933Z", "dateUpdated": "2024-08-14T14:02:45.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34311
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-840/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-840/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:13", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-840/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34311", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-840/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-840/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34311", "datePublished": "2021-07-13T11:03:28", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41902
Vulnerability from cvelistv5
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41902", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T18:02:30.732549Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:03:27.584Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:18.170Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-626178.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-41902", "datePublished": "2024-10-08T08:40:18.170Z", "dateReserved": "2024-07-23T10:56:51.267Z", "dateUpdated": "2024-10-08T18:03:27.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26992
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26992", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26992", "datePublished": "2021-01-12T20:18:35", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44018
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-340/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.7 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2021MP9" } ] }, { "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2022MP1" } ] }, { "product": "Teamcenter Visualization V13.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.9" } ] }, { "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T09:21:28", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All versions \u003c SE2021MP9" } ] } }, { "product_name": "Solid Edge SE2022", "version": { "version_data": [ { "version_value": "All versions \u003c SE2022MP1" } ] } }, { "product_name": "Teamcenter Visualization V13.1", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.9" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44018", "datePublished": "2022-02-09T15:17:10", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41278
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:45.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:38.189Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41278", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:45.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34321
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-858/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-858/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:56", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-858/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-858/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-858/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34321", "datePublished": "2021-07-13T11:03:37", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34291
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-870/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-870/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:20", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-870/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-870/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-870/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34291", "datePublished": "2021-07-13T11:03:07", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25178
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.opendesign.com/security-advisories | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-243/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-240/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-220/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:10.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-243/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-240/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-220/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.opendesign.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-243/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-240/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-220/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.opendesign.com/security-advisories", "refsource": "MISC", "url": "https://www.opendesign.com/security-advisories" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-243/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-243/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-240/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-240/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-220/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-220/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25178", "datePublished": "2021-01-18T07:12:43", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-08-03T19:56:10.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32636
Vulnerability from cvelistv5
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.256", "status": "affected", "version": "35.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.0.208", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.1.173", "status": "affected", "version": "36.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32636", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:41.622204Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:29:19.950Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0005), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.10), Teamcenter Visualization V2312 (All versions \u003c V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:06.352Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32636", "datePublished": "2024-05-14T10:02:43.480Z", "dateReserved": "2024-04-16T10:52:15.707Z", "dateUpdated": "2024-08-13T07:54:06.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34296
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-831/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-831/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:34", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-831/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-831/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-831/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34296", "datePublished": "2021-07-13T11:03:13", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26987
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-061/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-059/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-061/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-059/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-061/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-059/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-061/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-061/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-059/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-059/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26987", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26995
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-060/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-241/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-242/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.202Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-060/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-241/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-242/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-060/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-241/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-242/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-060/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-060/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-241/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-241/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-242/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-242/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26995", "datePublished": "2021-01-12T20:18:35", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32944
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02 | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-987/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-990/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: All versions prior to 2022.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 2022.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "USE AFTER FREE CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:24", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Drawings SDK", "version": { "version_data": [ { "version_value": "All versions prior to 2022.4" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "USE AFTER FREE CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32944", "datePublished": "2021-06-17T12:50:37", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:55.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34332
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-13T11:03:47", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34332", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34332", "datePublished": "2021-07-13T11:03:48", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27390
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-694/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.3 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:16.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-694/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.3" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.3), Teamcenter Visualization (All versions \u003c V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-17T17:06:08", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-694/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.3" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.3" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.3), Teamcenter Visualization (All versions \u003c V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-694/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-694/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-27390", "datePublished": "2021-06-08T19:47:16", "dateReserved": "2021-02-18T00:00:00", "dateUpdated": "2024-08-03T20:48:16.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26991
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-053/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | x_refsource_CONFIRM | |
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.176Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822: Untrusted Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26991", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822: Untrusted Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26991", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37997
Vulnerability from cvelistv5
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT Open |
Version: 0 < V11.5 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt_open:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt_open", "vendor": "siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:plm_xml_sdk:v7.1.0.0014:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "plm_xml_sdk", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V7.1.0.014" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37997", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:19:33.793225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:25:16.197Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "PLM XML SDK", "vendor": "Siemens", "versions": [ { "lessThan": "V7.1.0.014", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0008", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2406", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.5), JT2Go (All versions \u003c V2406.0003), PLM XML SDK (All versions \u003c V7.1.0.014), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.13), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.11), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:15.076Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37997", "datePublished": "2024-07-09T12:05:06.114Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-10-08T08:40:15.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34320
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-856/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34320", "datePublished": "2021-07-13T11:03:36", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34304
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-874/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-874/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:43", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-874/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-874/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-874/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34304", "datePublished": "2021-07-13T11:03:21", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32952
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02 | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf | x_refsource_CONFIRM | |
https://www.zerodayinitiative.com/advisories/ZDI-21-989/ | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Drawings SDK |
Version: Version 2022.4 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Drawings SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Version 2022.4 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "OUT-OF-BOUNDS WRITE CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:06:21", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32952", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Drawings SDK", "version": { "version_data": [ { "version_value": "Version 2022.4 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OUT-OF-BOUNDS WRITE CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32952", "datePublished": "2021-06-17T12:05:05", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39136
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.4 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.7" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V13.3.0.7 \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V13.3 (All versions \u003e= V13.3.0.7 \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:16:47.803Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-39136", "datePublished": "2022-11-08T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26986
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-057/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.1.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:23.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-057/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T13:51:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-057/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-26986", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-057/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-057/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-26986", "datePublished": "2021-01-12T20:18:34", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38682
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.5 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38682", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T13:17:15.547740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T13:17:25.296Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.14" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.14), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.10), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:47.299Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38682", "datePublished": "2023-08-08T09:20:47.299Z", "dateReserved": "2023-07-24T13:55:32.996Z", "dateUpdated": "2024-10-11T13:17:25.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41664
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.4 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.7" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:16:54.230Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41664", "datePublished": "2022-11-08T00:00:00", "dateReserved": "2022-09-27T00:00:00", "dateUpdated": "2024-08-03T12:49:43.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34325
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-863/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-863/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:18", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-863/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-863/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-863/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34325", "datePublished": "2021-07-13T11:03:41", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45484
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.1.0.6 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:17:03.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.5" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.9), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.5), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:52.706Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-45484", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-21T00:00:00", "dateUpdated": "2024-08-03T14:17:03.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51439
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:32:10.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:14.394Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51439", "datePublished": "2024-01-09T10:00:14.394Z", "dateReserved": "2023-12-19T11:47:14.991Z", "dateUpdated": "2024-08-02T22:32:10.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38072
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:23.586Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38072", "datePublished": "2023-09-12T09:32:15.739Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:13.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34309
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-838/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-838/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:06:23", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-838/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34309", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-838/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-838/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34309", "datePublished": "2021-07-13T11:03:26", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29032
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.3.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.3" } ] }, { "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "CWE-415: Double Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:47:11", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.3" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_value": "All versions \u003c V14.0.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-415: Double Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29032", "datePublished": "2022-05-10T09:47:11", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:58.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34308
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-837/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-837/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-19T10:07:57", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-837/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-34308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126: Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-837/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-837/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-34308", "datePublished": "2021-07-13T11:03:25", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44013
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-009/ | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V13.2.0.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] }, { "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T14:06:20", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-009/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44013", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } }, { "product_name": "Teamcenter Visualization", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.5" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-009/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-009/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44013", "datePublished": "2021-12-14T12:06:49", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.233Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51744
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:15.708Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51744", "datePublished": "2024-01-09T10:00:15.708Z", "dateReserved": "2023-12-22T11:30:22.671Z", "dateUpdated": "2024-08-02T22:40:34.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202101-1901
Vulnerability from variot
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF and DWG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 2.1, "vendor": "siemens", "version": null }, { "_id": null, "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2021.11" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "drawings sdk", "scope": null, "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" }, { "db": "ZDI", "id": "ZDI-21-220" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "NVD", "id": "CVE-2021-25178" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" } ], "trust": 1.4 }, "cve": "CVE-2021-25178", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-25178", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-383907", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25178", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25178", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25178", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-25178", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-25178", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-25178", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25178", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-25178", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202101-1314", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-383907", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-25178", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" }, { "db": "ZDI", "id": "ZDI-21-220" }, { "db": "VULHUB", "id": "VHN-383907" }, { "db": "VULMON", "id": "CVE-2021-25178" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "CNNVD", "id": "CNNVD-202101-1314" }, { "db": "NVD", "id": "CVE-2021-25178" } ] }, "description": { "_id": null, "data": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF and DWG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages", "sources": [ { "db": "NVD", "id": "CVE-2021-25178" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" }, { "db": "ZDI", "id": "ZDI-21-220" }, { "db": "VULHUB", "id": "VHN-383907" }, { "db": "VULMON", "id": "CVE-2021-25178" } ], "trust": 3.69 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-25178", "trust": 4.7 }, { "db": "ZDI", "id": "ZDI-21-243", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-240", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-220", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-047-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU92291213", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002749", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12166", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12165", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11901", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202101-1314", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0577", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-383907", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-25178", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" }, { "db": "ZDI", "id": "ZDI-21-220" }, { "db": "VULHUB", "id": "VHN-383907" }, { "db": "VULMON", "id": "CVE-2021-25178" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "CNNVD", "id": "CNNVD-202101-1314" }, { "db": "NVD", "id": "CVE-2021-25178" } ] }, "id": "VAR-202101-1901", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-383907" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:40:42.378000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139573" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" }, { "db": "ZDI", "id": "ZDI-21-220" }, { "db": "VULMON", "id": "CVE-2021-25178" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "CNNVD", "id": "CNNVD-202101-1314" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-383907" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "NVD", "id": "CVE-2021-25178" } ] }, "references": { "_id": null, "data": [ { "trust": 2.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 2.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-243/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-220/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-240/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.8, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25178" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu92291213/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0577" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-243" }, { "db": "ZDI", "id": "ZDI-21-240" }, { "db": "ZDI", "id": "ZDI-21-220" }, { "db": "VULHUB", "id": "VHN-383907" }, { "db": "VULMON", "id": "CVE-2021-25178" }, { "db": "JVNDB", "id": "JVNDB-2021-002749" }, { "db": "CNNVD", "id": "CNNVD-202101-1314" }, { "db": "NVD", "id": "CVE-2021-25178" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-243", "ident": null }, { "db": "ZDI", "id": "ZDI-21-240", "ident": null }, { "db": "ZDI", "id": "ZDI-21-220", "ident": null }, { "db": "VULHUB", "id": "VHN-383907", "ident": null }, { "db": "VULMON", "id": "CVE-2021-25178", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002749", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-1314", "ident": null }, { "db": "NVD", "id": "CVE-2021-25178", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-243", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-240", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-220", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULHUB", "id": "VHN-383907", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULMON", "id": "CVE-2021-25178", "ident": null }, { "date": "2021-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002749", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1314", "ident": null }, { "date": "2021-01-18T08:15:13.337000", "db": "NVD", "id": "CVE-2021-25178", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-243", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-240", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-220", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULHUB", "id": "VHN-383907", "ident": null }, { "date": "2021-03-04T00:00:00", "db": "VULMON", "id": "CVE-2021-25178", "ident": null }, { "date": "2021-09-29T08:27:00", "db": "JVNDB", "id": "JVNDB-2021-002749", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1314", "ident": null }, { "date": "2024-11-21T05:54:30.673000", "db": "NVD", "id": "CVE-2021-25178", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1314" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0Drawings\u00a0SDK\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002749" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1314" } ], "trust": 0.6 } }
var-202102-0319
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12040 Was numbered.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.2" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-238" }, { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "NVD", "id": "CVE-2020-26998" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-26998" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "CNNVD", "id": "CNNVD-202102-876" } ], "trust": 1.3 }, "cve": "CVE-2020-26998", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-26998", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26998", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26998", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-26998", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2020-26998", "trust": 1.4, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-876", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-26998", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-238" }, { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "VULMON", "id": "CVE-2020-26998" }, { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "NVD", "id": "CVE-2020-26998" }, { "db": "CNNVD", "id": "CNNVD-202102-876" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12040 Was numbered.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files", "sources": [ { "db": "NVD", "id": "CVE-2020-26998" }, { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "ZDI", "id": "ZDI-21-238" }, { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "VULMON", "id": "CVE-2020-26998" } ], "trust": 2.97 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26998", "trust": 3.9 }, { "db": "ZDI", "id": "ZDI-21-238", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-857", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-695540", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-015932", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12040", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13407", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.1836", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-147-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-876", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-26998", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-238" }, { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "VULMON", "id": "CVE-2020-26998" }, { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "NVD", "id": "CVE-2020-26998" }, { "db": "CNNVD", "id": "CNNVD-202102-876" } ] }, "id": "VAR-202102-0319", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:30:16.566000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": " https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141297" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=22012358d4c381f4f14edecd2684a63a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-238" }, { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "VULMON", "id": "CVE-2020-26998" }, { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "CNNVD", "id": "CNNVD-202102-876" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "NVD", "id": "CVE-2020-26998" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-238/" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-857/" }, { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26998" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1836" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-238" }, { "db": "ZDI", "id": "ZDI-21-857" }, { "db": "VULMON", "id": "CVE-2020-26998" }, { "db": "JVNDB", "id": "JVNDB-2020-015932" }, { "db": "NVD", "id": "CVE-2020-26998" }, { "db": "CNNVD", "id": "CNNVD-202102-876" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-238", "ident": null }, { "db": "ZDI", "id": "ZDI-21-857", "ident": null }, { "db": "VULMON", "id": "CVE-2020-26998", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015932", "ident": null }, { "db": "NVD", "id": "CVE-2020-26998", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-876", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-238", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-857", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "VULMON", "id": "CVE-2020-26998", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015932", "ident": null }, { "date": "2021-02-09T17:15:13.767000", "db": "NVD", "id": "CVE-2020-26998", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-876", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-08T00:00:00", "db": "ZDI", "id": "ZDI-21-238", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-857", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2020-26998", "ident": null }, { "date": "2021-10-25T07:20:00", "db": "JVNDB", "id": "JVNDB-2020-015932", "ident": null }, { "date": "2022-02-22T14:14:58.653000", "db": "NVD", "id": "CVE-2020-26998", "ident": null }, { "date": "2021-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-876", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-876" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015932" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-876" } ], "trust": 0.6 } }
var-202112-0804
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0804", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44005" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44005" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1196" } ], "trust": 0.6 }, "cve": "CVE-2021-44005", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44005", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-1196", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44005" }, { "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.", "sources": [ { "db": "NVD", "id": "CVE-2021-44005" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-44005", "trust": 1.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1196", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44005" }, { "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "id": "VAR-202112-0804", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:43:41.519000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175270" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44005" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44005" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44005" }, { "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-44005" }, { "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-14T12:15:10.300000", "db": "NVD", "id": "CVE-2021-44005" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T13:26:57.377000", "db": "NVD", "id": "CVE-2021-44005" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1196" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1196" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Jt2go Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1196" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1196" } ], "trust": 0.6 } }
var-202107-1402
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13343 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "NVD", "id": "CVE-2021-34307" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34307" } ] }, "credits": { "_id": null, "data": "Brian Gorenc of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "CNNVD", "id": "CNNVD-202107-883" } ], "trust": 1.3 }, "cve": "CVE-2021-34307", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34307", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34307", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34307", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34307", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34307", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-883", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34307", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "VULMON", "id": "CVE-2021-34307" }, { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "NVD", "id": "CVE-2021-34307" }, { "db": "CNNVD", "id": "CNNVD-202107-883" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13343 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34307" }, { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "VULMON", "id": "CVE-2021-34307" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34307", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-836", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009329", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13343", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-883", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34307", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "VULMON", "id": "CVE-2021-34307" }, { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "NVD", "id": "CVE-2021-34307" }, { "db": "CNNVD", "id": "CNNVD-202107-883" } ] }, "id": "VAR-202107-1402", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:54:08.311000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156576" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "VULMON", "id": "CVE-2021-34307" }, { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "CNNVD", "id": "CNNVD-202107-883" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "NVD", "id": "CVE-2021-34307" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-836/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34307" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-836" }, { "db": "VULMON", "id": "CVE-2021-34307" }, { "db": "JVNDB", "id": "JVNDB-2021-009329" }, { "db": "NVD", "id": "CVE-2021-34307" }, { "db": "CNNVD", "id": "CNNVD-202107-883" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-836", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34307", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009329", "ident": null }, { "db": "NVD", "id": "CVE-2021-34307", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-883", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-836", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34307", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009329", "ident": null }, { "date": "2021-07-13T11:15:11.437000", "db": "NVD", "id": "CVE-2021-34307", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-883", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-836", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34307", "ident": null }, { "date": "2022-04-20T08:48:00", "db": "JVNDB", "id": "JVNDB-2021-009329", "ident": null }, { "date": "2022-10-27T12:23:47.327000", "db": "NVD", "id": "CVE-2021-34307", "ident": null }, { "date": "2022-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-883", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-883" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009329" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-883" } ], "trust": 0.6 } }
var-202309-0576
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0576", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2021.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" }, { "db": "NVD", "id": "CVE-2023-38071" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" } ], "trust": 0.7 }, "cve": "CVE-2023-38071", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38071", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38071", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-38071", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-38071", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2023-38071", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" }, { "db": "NVD", "id": "CVE-2023-38071" }, { "db": "NVD", "id": "CVE-2023-38071" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer", "sources": [ { "db": "NVD", "id": "CVE-2023-38071" }, { "db": "ZDI", "id": "ZDI-23-1631" }, { "db": "VULMON", "id": "CVE-2023-38071" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38071", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-20824", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1631", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38071", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" }, { "db": "VULMON", "id": "CVE-2023-38071" }, { "db": "NVD", "id": "CVE-2023-38071" } ] }, "id": "VAR-202309-0576", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T13:04:52.981000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-122", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38071" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/122.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" }, { "db": "VULMON", "id": "CVE-2023-38071" }, { "db": "NVD", "id": "CVE-2023-38071" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1631" }, { "db": "VULMON", "id": "CVE-2023-38071" }, { "db": "NVD", "id": "CVE-2023-38071" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1631" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38071" }, { "date": "2023-09-12T10:15:27.767000", "db": "NVD", "id": "CVE-2023-38071" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1631" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38071" }, { "date": "2024-02-16T15:08:29.737000", "db": "NVD", "id": "CVE-2023-38071" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Tecnomatix Plant Simulation WRL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-1631" } ], "trust": 0.7 } }
var-202306-0899
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0899", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.10" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.13" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.8" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "NVD", "id": "CVE-2023-33121" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.10", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.8", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-33121" } ] }, "cve": "CVE-2023-33121", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-33121", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-33121", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-33121", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202306-873", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "NVD", "id": "CVE-2023-33121" }, { "db": "NVD", "id": "CVE-2023-33121" }, { "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-33121" }, { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "VULMON", "id": "CVE-2023-33121" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-33121", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-538795", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-23-166-14", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99464755", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-008590", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202306-873", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-33121", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33121" }, { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "NVD", "id": "CVE-2023-33121" }, { "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "id": "VAR-202306-0899", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:19:29.115000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242501" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "NVD", "id": "CVE-2023-33121" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99464755/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-33121" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-33121/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33121" }, { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "NVD", "id": "CVE-2023-33121" }, { "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-33121" }, { "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "db": "NVD", "id": "CVE-2023-33121" }, { "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33121" }, { "date": "2023-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "date": "2023-06-13T09:15:18.323000", "db": "NVD", "id": "CVE-2023-33121" }, { "date": "2023-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33121" }, { "date": "2023-12-01T08:15:00", "db": "JVNDB", "id": "JVNDB-2023-008590" }, { "date": "2023-06-21T20:15:37.563000", "db": "NVD", "id": "CVE-2023-33121" }, { "date": "2023-06-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-873" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-873" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008590" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-873" } ], "trust": 0.6 } }
var-202107-1382
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060). JT2Go and Teamcenter Visualization There is a vulnerability related to input verification and a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-13060 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-872" }, { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "NVD", "id": "CVE-2021-34298" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34298" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-872" } ], "trust": 0.7 }, "cve": "CVE-2021-34298", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34298", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34298", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34298", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34298", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34298", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-873", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34298", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-872" }, { "db": "VULMON", "id": "CVE-2021-34298" }, { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "NVD", "id": "CVE-2021-34298" }, { "db": "CNNVD", "id": "CNNVD-202107-873" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060). JT2Go and Teamcenter Visualization There is a vulnerability related to input verification and a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-13060 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2021-34298" }, { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "ZDI", "id": "ZDI-21-872" }, { "db": "VULMON", "id": "CVE-2021-34298" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34298", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-872", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009340", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13060", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-873", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34298", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-872" }, { "db": "VULMON", "id": "CVE-2021-34298" }, { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "NVD", "id": "CVE-2021-34298" }, { "db": "CNNVD", "id": "CNNVD-202107-873" } ] }, "id": "VAR-202107-1382", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:16:00.221000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156566" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-872" }, { "db": "VULMON", "id": "CVE-2021-34298" }, { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "CNNVD", "id": "CNNVD-202107-873" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "NVD", "id": "CVE-2021-34298" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-872/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34298" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-872" }, { "db": "VULMON", "id": "CVE-2021-34298" }, { "db": "JVNDB", "id": "JVNDB-2021-009340" }, { "db": "NVD", "id": "CVE-2021-34298" }, { "db": "CNNVD", "id": "CNNVD-202107-873" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-872", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34298", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009340", "ident": null }, { "db": "NVD", "id": "CVE-2021-34298", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-873", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-872", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34298", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009340", "ident": null }, { "date": "2021-07-13T11:15:10.747000", "db": "NVD", "id": "CVE-2021-34298", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-873", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-872", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34298", "ident": null }, { "date": "2022-04-20T09:04:00", "db": "JVNDB", "id": "JVNDB-2021-009340", "ident": null }, { "date": "2021-07-27T14:31:29.447000", "db": "NVD", "id": "CVE-2021-34298", "ident": null }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-873", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-873" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009340" } ], "trust": 0.8 }, "type": { "_id": null, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-873" } ], "trust": 0.6 } }
var-202106-1188
Vulnerability from variot
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "drawings sdk", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "solid edge viewer", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32936" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "CNNVD", "id": "CNNVD-202106-680" } ], "trust": 2.0 }, "cve": "CVE-2021-32936", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32936", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392922", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32936", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32936", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32936", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32936", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-680", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392922", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32936", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "VULHUB", "id": "VHN-392922" }, { "db": "VULMON", "id": "CVE-2021-32936" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-680" }, { "db": "NVD", "id": "CVE-2021-32936" } ] }, "description": { "_id": null, "data": "An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-32936" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392922" }, { "db": "VULMON", "id": "CVE-2021-32936" } ], "trust": 3.6 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32936", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-982", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-491245", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13408", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19072", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-206", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0960", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060909", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-680", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392922", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32936", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "VULHUB", "id": "VHN-392922" }, { "db": "VULMON", "id": "CVE-2021-32936" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-680" }, { "db": "NVD", "id": "CVE-2021-32936" } ] }, "id": "VAR-202106-1188", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392922" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:34:26.202000Z", "patch": { "_id": null, "data": [ { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=153330" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2021-32936 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "VULMON", "id": "CVE-2021-32936" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-680" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392922" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32936" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-982/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0960" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-32936" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-155599.txt" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-982" }, { "db": "ZDI", "id": "ZDI-23-206" }, { "db": "VULHUB", "id": "VHN-392922" }, { "db": "VULMON", "id": "CVE-2021-32936" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-680" }, { "db": "NVD", "id": "CVE-2021-32936" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-982", "ident": null }, { "db": "ZDI", "id": "ZDI-23-206", "ident": null }, { "db": "VULHUB", "id": "VHN-392922", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32936", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-680", "ident": null }, { "db": "NVD", "id": "CVE-2021-32936", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-982", "ident": null }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-206", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392922", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32936", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-680", "ident": null }, { "date": "2021-06-17T13:15:07.747000", "db": "NVD", "id": "CVE-2021-32936", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-982", "ident": null }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-206", "ident": null }, { "date": "2023-02-14T00:00:00", "db": "VULHUB", "id": "VHN-392922", "ident": null }, { "date": "2023-02-14T00:00:00", "db": "VULMON", "id": "CVE-2021-32936", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2023-02-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-680", "ident": null }, { "date": "2023-02-14T12:15:10.893000", "db": "NVD", "id": "CVE-2021-32936", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-680" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202101-0388
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11992 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI and RGB files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
JT2Go and Teamcenter Visualization has an unspecified vulnerability
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 2.1, "vendor": "siemens", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" }, { "db": "ZDI", "id": "ZDI-21-060" }, { "db": "CNVD", "id": "CNVD-2021-02576" }, { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "NVD", "id": "CVE-2020-26995" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" } ], "trust": 1.4 }, "cve": "CVE-2020-26995", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26995", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02576", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26995", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26995", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26995", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2020-26995", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-26995", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-26995", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26995", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26995", "trust": 0.7, "value": "LOW" }, { "author": "CNVD", "id": "CNVD-2021-02576", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-839", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" }, { "db": "ZDI", "id": "ZDI-21-060" }, { "db": "CNVD", "id": "CNVD-2021-02576" }, { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "CNNVD", "id": "CNNVD-202101-839" }, { "db": "NVD", "id": "CVE-2020-26995" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11992 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI and RGB files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nJT2Go and Teamcenter Visualization has an unspecified vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2020-26995" }, { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" }, { "db": "ZDI", "id": "ZDI-21-060" }, { "db": "CNVD", "id": "CNVD-2021-02576" } ], "trust": 4.05 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26995", "trust": 5.1 }, { "db": "ZDI", "id": "ZDI-21-060", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-242", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-21-241", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015259", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12176", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12168", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11992", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02576", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-839", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" }, { "db": "ZDI", "id": "ZDI-21-060" }, { "db": "CNVD", "id": "CNVD-2021-02576" }, { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "CNNVD", "id": "CNNVD-202101-839" }, { "db": "NVD", "id": "CVE-2020-26995" } ] }, "id": "VAR-202101-0388", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02576" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02576" } ] }, "last_update_date": "2024-11-23T20:11:15.871000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for Unspecified vulnerability exists in JT2Go and Teamcenter Visualization (CNVD-2021-02576)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243964" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139352" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" }, { "db": "ZDI", "id": "ZDI-21-060" }, { "db": "CNVD", "id": "CNVD-2021-02576" }, { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "CNNVD", "id": "CNNVD-202101-839" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "NVD", "id": "CVE-2020-26995" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-060/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 2.0, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-241/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-242/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26995" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-242" }, { "db": "ZDI", "id": "ZDI-21-241" }, { "db": "ZDI", "id": "ZDI-21-060" }, { "db": "CNVD", "id": "CNVD-2021-02576" }, { "db": "JVNDB", "id": "JVNDB-2020-015259" }, { "db": "CNNVD", "id": "CNNVD-202101-839" }, { "db": "NVD", "id": "CVE-2020-26995" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-242", "ident": null }, { "db": "ZDI", "id": "ZDI-21-241", "ident": null }, { "db": "ZDI", "id": "ZDI-21-060", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02576", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015259", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-839", "ident": null }, { "db": "NVD", "id": "CVE-2020-26995", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-242", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-241", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-060", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02576", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015259", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-839", "ident": null }, { "date": "2021-01-12T21:15:17.573000", "db": "NVD", "id": "CVE-2020-26995", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-242", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-241", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-060", "ident": null }, { "date": "2021-02-04T00:00:00", "db": "CNVD", "id": "CNVD-2021-02576", "ident": null }, { "date": "2021-09-15T08:32:00", "db": "JVNDB", "id": "JVNDB-2020-015259", "ident": null }, { "date": "2021-02-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-839", "ident": null }, { "date": "2024-11-21T05:20:38.950000", "db": "NVD", "id": "CVE-2020-26995", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-839" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015259" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-839" } ], "trust": 0.6 } }
var-202107-1428
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295). JT2Go and Teamcenter Visualization There is a double release vulnerability in.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1428", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "NVD", "id": "CVE-2021-34333" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34333" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Brian Gorenc and Mat Powell of Trend Micro Zero Day Initiative; garmin and xina1i at SecZone; and Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-932" } ], "trust": 0.6 }, "cve": "CVE-2021-34333", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-34333", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-34333", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34333", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-932", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34333", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34333" }, { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "NVD", "id": "CVE-2021-34333" }, { "db": "CNNVD", "id": "CNNVD-202107-932" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295). JT2Go and Teamcenter Visualization There is a double release vulnerability in.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34333" }, { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34333" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-34333", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009268", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-932", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34333", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34333" }, { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "NVD", "id": "CVE-2021-34333" }, { "db": "CNNVD", "id": "CNNVD-202107-932" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1428", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:28:12.295000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156625" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34333" }, { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "CNNVD", "id": "CNNVD-202107-932" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-415", "trust": 1.0 }, { "problemtype": "Double release (CWE-415) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "NVD", "id": "CVE-2021-34333" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34333" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/415.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-483182.txt" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34333" }, { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "NVD", "id": "CVE-2021-34333" }, { "db": "CNNVD", "id": "CNNVD-202107-932" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-34333" }, { "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "db": "NVD", "id": "CVE-2021-34333" }, { "db": "CNNVD", "id": "CNNVD-202107-932" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34333" }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "date": "2021-07-13T11:15:13.500000", "db": "NVD", "id": "CVE-2021-34333" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-932" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-34333" }, { "date": "2022-04-19T08:19:00", "db": "JVNDB", "id": "JVNDB-2021-009268" }, { "date": "2021-07-15T18:08:54.833000", "db": "NVD", "id": "CVE-2021-34333" }, { "date": "2021-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-932" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-932" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Double release vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009268" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-932" } ], "trust": 0.6 } }
var-202309-0575
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818). Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0575", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2201.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "tecnomatix plant simulation", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1632" }, { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "NVD", "id": "CVE-2023-38070" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1632" } ], "trust": 0.7 }, "cve": "CVE-2023-38070", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38070", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2023-012160", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38070", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-38070", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2023-012160", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2023-38070", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1632" }, { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "NVD", "id": "CVE-2023-38070" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818). Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer", "sources": [ { "db": "NVD", "id": "CVE-2023-38070" }, { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "ZDI", "id": "ZDI-23-1632" }, { "db": "VULMON", "id": "CVE-2023-38070" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38070", "trust": 3.4 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.9 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU92598492", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98137233", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-012160", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-20818", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1632", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38070", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1632" }, { "db": "VULMON", "id": "CVE-2023-38070" }, { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "NVD", "id": "CVE-2023-38070" } ] }, "id": "VAR-202309-0575", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T13:13:21.562000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1632" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "NVD", "id": "CVE-2023-38070" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98137233/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92598492/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38070" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/121.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1632" }, { "db": "VULMON", "id": "CVE-2023-38070" }, { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "NVD", "id": "CVE-2023-38070" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1632" }, { "db": "VULMON", "id": "CVE-2023-38070" }, { "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "db": "NVD", "id": "CVE-2023-38070" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1632" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38070" }, { "date": "2023-12-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "date": "2023-09-12T10:15:27.460000", "db": "NVD", "id": "CVE-2023-38070" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1632" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38070" }, { "date": "2024-02-22T02:05:00", "db": "JVNDB", "id": "JVNDB-2023-012160" }, { "date": "2024-01-25T21:01:28.467000", "db": "NVD", "id": "CVE-2023-38070" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-012160" } ], "trust": 0.8 } }
var-202112-0798
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0798", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "NVD", "id": "CVE-2021-44011" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44011" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "CNNVD", "id": "CNNVD-202112-1202" } ], "trust": 1.3 }, "cve": "CVE-2021-44011", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-44011", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-44011", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44011", "trust": 1.0, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-44011", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202112-1202", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-44011", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "VULMON", "id": "CVE-2021-44011" }, { "db": "NVD", "id": "CVE-2021-44011" }, { "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files", "sources": [ { "db": "NVD", "id": "CVE-2021-44011" }, { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "VULMON", "id": "CVE-2021-44011" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44011", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-22-007", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15101", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1202", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44011", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "VULMON", "id": "CVE-2021-44011" }, { "db": "NVD", "id": "CVE-2021-44011" }, { "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "id": "VAR-202112-0798", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:30:54.285000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174917" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "VULMON", "id": "CVE-2021-44011" }, { "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44011" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-007/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "VULMON", "id": "CVE-2021-44011" }, { "db": "NVD", "id": "CVE-2021-44011" }, { "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-007" }, { "db": "VULMON", "id": "CVE-2021-44011" }, { "db": "NVD", "id": "CVE-2021-44011" }, { "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-007" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44011" }, { "date": "2021-12-14T12:15:10.617000", "db": "NVD", "id": "CVE-2021-44011" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-007" }, { "date": "2022-01-06T00:00:00", "db": "VULMON", "id": "CVE-2021-44011" }, { "date": "2022-03-30T13:17:01.853000", "db": "NVD", "id": "CVE-2021-44011" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1202" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1202" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-007" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1202" } ], "trust": 0.6 } }
var-202212-1169
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1169", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "db": "NVD", "id": "CVE-2022-41282" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41282" } ] }, "cve": "CVE-2022-41282", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023189", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41282", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41282", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023189", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3110", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "db": "NVD", "id": "CVE-2022-41282" }, { "db": "NVD", "id": "CVE-2022-41282" }, { "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41282" }, { "db": "JVNDB", "id": "JVNDB-2022-023189" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41282", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023189", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3110", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "db": "NVD", "id": "CVE-2022-41282" }, { "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "id": "VAR-202212-1169", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:34:50.642000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217848" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "db": "NVD", "id": "CVE-2022-41282" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41282" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41282/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "db": "NVD", "id": "CVE-2022-41282" }, { "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "db": "NVD", "id": "CVE-2022-41282" }, { "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "date": "2022-12-13T16:15:22.613000", "db": "NVD", "id": "CVE-2022-41282" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:21:00", "db": "JVNDB", "id": "JVNDB-2022-023189" }, { "date": "2023-04-11T10:15:16.887000", "db": "NVD", "id": "CVE-2022-41282" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3110" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3110" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023189" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3110" } ], "trust": 0.6 } }
var-202101-1900
Vulnerability from variot
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2021.11" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "drawings sdk", "scope": null, "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-219" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "NVD", "id": "CVE-2021-25177" } ] }, "credits": { "_id": null, "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-219" } ], "trust": 0.7 }, "cve": "CVE-2021-25177", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-25177", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-383906", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25177", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25177", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25177", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25177", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25177", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-25177", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-1315", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-383906", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-219" }, { "db": "VULHUB", "id": "VHN-383906" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "CNNVD", "id": "CNNVD-202101-1315" }, { "db": "NVD", "id": "CVE-2021-25177" } ] }, "description": { "_id": null, "data": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages", "sources": [ { "db": "NVD", "id": "CVE-2021-25177" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "ZDI", "id": "ZDI-21-219" }, { "db": "VULHUB", "id": "VHN-383906" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-25177", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-219", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-047-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU92291213", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002748", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11927", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202101-1315", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0577", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-383906", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-219" }, { "db": "VULHUB", "id": "VHN-383906" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "CNNVD", "id": "CNNVD-202101-1315" }, { "db": "NVD", "id": "CVE-2021-25177" } ] }, "id": "VAR-202101-1900", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-383906" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:48:05.345000Z", "patch": { "_id": null, "data": [ { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "Open Design Alliance Drawings SDK Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139574" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-219" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "CNNVD", "id": "CNNVD-202101-1315" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-843", "trust": 1.1 }, { "problemtype": "Wrong type (CWE-843) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-383906" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "NVD", "id": "CVE-2021-25177" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-219/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25177" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu92291213/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0577" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-219" }, { "db": "VULHUB", "id": "VHN-383906" }, { "db": "JVNDB", "id": "JVNDB-2021-002748" }, { "db": "CNNVD", "id": "CNNVD-202101-1315" }, { "db": "NVD", "id": "CVE-2021-25177" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-219", "ident": null }, { "db": "VULHUB", "id": "VHN-383906", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002748", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-1315", "ident": null }, { "db": "NVD", "id": "CVE-2021-25177", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-219", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULHUB", "id": "VHN-383906", "ident": null }, { "date": "2021-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002748", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1315", "ident": null }, { "date": "2021-01-18T08:15:13.273000", "db": "NVD", "id": "CVE-2021-25177", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-219", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULHUB", "id": "VHN-383906", "ident": null }, { "date": "2021-09-29T08:27:00", "db": "JVNDB", "id": "JVNDB-2021-002748", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1315", "ident": null }, { "date": "2024-11-21T05:54:30.510000", "db": "NVD", "id": "CVE-2021-25177", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1315" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0Drawings\u00a0SDK\u00a0 Vulnerability regarding mistyping in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002748" } ], "trust": 0.8 }, "type": { "_id": null, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1315" } ], "trust": 0.6 } }
var-202401-0191
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0191", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.9" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.13" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "db": "NVD", "id": "CVE-2023-51439" } ] }, "cve": "CVE-2023-51439", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-51439", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-51439", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-51439", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "db": "NVD", "id": "CVE-2023-51439" }, { "db": "NVD", "id": "CVE-2023-51439" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-51439" }, { "db": "JVNDB", "id": "JVNDB-2023-024622" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-51439", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-794653", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-24-011-06", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92179258", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-024622", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "db": "NVD", "id": "CVE-2023-51439" } ] }, "id": "VAR-202401-0191", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-02T22:35:07.580000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "db": "NVD", "id": "CVE-2023-51439" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92179258/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51439" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-06" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "db": "NVD", "id": "CVE-2023-51439" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "db": "NVD", "id": "CVE-2023-51439" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "date": "2024-01-09T10:15:21.350000", "db": "NVD", "id": "CVE-2023-51439" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T02:55:00", "db": "JVNDB", "id": "JVNDB-2023-024622" }, { "date": "2024-01-11T20:36:36.063000", "db": "NVD", "id": "CVE-2023-51439" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024622" } ], "trust": 0.8 } }
var-202106-1195
Vulnerability from variot
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. There is a buffer error vulnerability in Drawings SDK, which is caused by boundary conditions when parsing DXF files. Affected products and versions are as follows: Drawings SDK: Before 2022.4
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "drawings sdk", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "drawing sdk", "scope": null, "trust": 0.7, "vendor": "open design alliance oda", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "ZDI", "id": "ZDI-23-136" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32950" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "CNNVD", "id": "CNNVD-202106-685" } ], "trust": 1.3 }, "cve": "CVE-2021-32950", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32950", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392936", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-32950", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32950", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "Low", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L \t", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32950", "trust": 1.4, "value": "LOW" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32950", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-685", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392936", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32950", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "ZDI", "id": "ZDI-23-136" }, { "db": "VULHUB", "id": "VHN-392936" }, { "db": "VULMON", "id": "CVE-2021-32950" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-685" }, { "db": "NVD", "id": "CVE-2021-32950" } ] }, "description": { "_id": null, "data": "An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. There is a buffer error vulnerability in Drawings SDK, which is caused by boundary conditions when parsing DXF files. Affected products and versions are as follows: Drawings SDK: Before 2022.4", "sources": [ { "db": "NVD", "id": "CVE-2021-32950" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "ZDI", "id": "ZDI-23-136" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392936" }, { "db": "VULMON", "id": "CVE-2021-32950" } ], "trust": 3.6 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32950", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-988", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-23-136", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13415", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19163", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-685", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392936", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32950", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "ZDI", "id": "ZDI-23-136" }, { "db": "VULHUB", "id": "VHN-392936" }, { "db": "VULMON", "id": "CVE-2021-32950" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-685" }, { "db": "NVD", "id": "CVE-2021-32950" } ] }, "id": "VAR-202106-1195", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392936" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:17:08.924000Z", "patch": { "_id": null, "data": [ { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "", "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154862" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "ZDI", "id": "ZDI-23-136" }, { "db": "VULMON", "id": "CVE-2021-32950" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-685" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392936" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32950" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-988/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-23-136/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-988" }, { "db": "ZDI", "id": "ZDI-23-136" }, { "db": "VULHUB", "id": "VHN-392936" }, { "db": "VULMON", "id": "CVE-2021-32950" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-685" }, { "db": "NVD", "id": "CVE-2021-32950" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-988", "ident": null }, { "db": "ZDI", "id": "ZDI-23-136", "ident": null }, { "db": "VULHUB", "id": "VHN-392936", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32950", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-685", "ident": null }, { "db": "NVD", "id": "CVE-2021-32950", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-988", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-136", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392936", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32950", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-685", "ident": null }, { "date": "2021-06-17T13:15:08.250000", "db": "NVD", "id": "CVE-2021-32950", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-988", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-136", "ident": null }, { "date": "2022-04-15T00:00:00", "db": "VULHUB", "id": "VHN-392936", "ident": null }, { "date": "2022-04-15T00:00:00", "db": "VULMON", "id": "CVE-2021-32950", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-685", "ident": null }, { "date": "2022-04-15T15:34:59.663000", "db": "NVD", "id": "CVE-2021-32950", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-685" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202112-0802
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0802", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44007" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44007" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1198" } ], "trust": 0.6 }, "cve": "CVE-2021-44007", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44007", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1198", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44007" }, { "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.", "sources": [ { "db": "NVD", "id": "CVE-2021-44007" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-44007", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1198", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44007" }, { "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "id": "VAR-202112-0802", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:56:11.716000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Jt2go Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174913" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-193", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44007" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44007" }, { "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-44007" }, { "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-14T12:15:10.407000", "db": "NVD", "id": "CVE-2021-44007" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T13:24:43.160000", "db": "NVD", "id": "CVE-2021-44007" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1198" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1198" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Jt2go Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1198" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1198" } ], "trust": 0.6 } }
var-202102-0323
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12043 Was numbered.Information may be obtained and information may be tampered with. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-228" }, { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "NVD", "id": "CVE-2020-27002" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27002" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-228" } ], "trust": 0.7 }, "cve": "CVE-2020-27002", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27002", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27002", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2020-27002", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27002", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-27002", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202102-872", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-27002", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-228" }, { "db": "VULMON", "id": "CVE-2020-27002" }, { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "NVD", "id": "CVE-2020-27002" }, { "db": "CNNVD", "id": "CNNVD-202102-872" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12043 Was numbered.Information may be obtained and information may be tampered with. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files", "sources": [ { "db": "NVD", "id": "CVE-2020-27002" }, { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "ZDI", "id": "ZDI-21-228" }, { "db": "VULMON", "id": "CVE-2020-27002" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27002", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-228", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-695540", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-015925", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12043", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-147-04", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1836", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-872", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-27002", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-228" }, { "db": "VULMON", "id": "CVE-2020-27002" }, { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "NVD", "id": "CVE-2020-27002" }, { "db": "CNNVD", "id": "CNNVD-202102-872" } ] }, "id": "VAR-202102-0323", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:03:34.471000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": " https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141293" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=22012358d4c381f4f14edecd2684a63a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-228" }, { "db": "VULMON", "id": "CVE-2020-27002" }, { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "CNNVD", "id": "CNNVD-202102-872" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "NVD", "id": "CVE-2020-27002" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-228/" }, { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27002" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1836" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-228" }, { "db": "VULMON", "id": "CVE-2020-27002" }, { "db": "JVNDB", "id": "JVNDB-2020-015925" }, { "db": "NVD", "id": "CVE-2020-27002" }, { "db": "CNNVD", "id": "CNNVD-202102-872" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-228", "ident": null }, { "db": "VULMON", "id": "CVE-2020-27002", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015925", "ident": null }, { "db": "NVD", "id": "CVE-2020-27002", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-872", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-228", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "VULMON", "id": "CVE-2020-27002", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015925", "ident": null }, { "date": "2021-02-09T17:15:14.077000", "db": "NVD", "id": "CVE-2020-27002", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-872", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-08T00:00:00", "db": "ZDI", "id": "ZDI-21-228", "ident": null }, { "date": "2021-05-19T00:00:00", "db": "VULMON", "id": "CVE-2020-27002", "ident": null }, { "date": "2021-10-25T06:42:00", "db": "JVNDB", "id": "JVNDB-2020-015925", "ident": null }, { "date": "2022-04-29T19:04:11.183000", "db": "NVD", "id": "CVE-2020-27002", "ident": null }, { "date": "2021-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-872", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-872" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015925" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-872" } ], "trust": 0.6 } }
var-202212-1730
Vulnerability from variot
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens Teamcenter Visualization and JT2Go Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization and JT2Go
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1730", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "NVD", "id": "CVE-2022-3159" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.5", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-3159" } ] }, "cve": "CVE-2022-3159", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-005664", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-3159", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-3159", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-005664", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202301-1066", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "NVD", "id": "CVE-2022-3159" }, { "db": "NVD", "id": "CVE-2022-3159" }, { "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The APDFL.dll contains a stack-based buffer overflow vulnerability that \ncould be triggered while parsing specially crafted PDF files. This could\n allow an attacker to execute code in the context of the current \nprocess. Siemens Teamcenter Visualization and JT2Go Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization and JT2Go", "sources": [ { "db": "NVD", "id": "CVE-2022-3159" }, { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "VULMON", "id": "CVE-2022-3159" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3159", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-22-349-15", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-360681", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-005664", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202301-1066", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-3159", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-3159" }, { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "NVD", "id": "CVE-2022-3159" }, { "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "id": "VAR-202212-1730", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:50:23.714000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-360681", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "title": "Siemens Teamcenter Visualization and JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222347" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "NVD", "id": "CVE-2022-3159" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3159" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-15" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3159/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-3159" }, { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "NVD", "id": "CVE-2022-3159" }, { "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-3159" }, { "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "db": "NVD", "id": "CVE-2022-3159" }, { "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "date": "2023-01-13T01:15:09.600000", "db": "NVD", "id": "CVE-2022-3159" }, { "date": "2023-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-08T02:42:00", "db": "JVNDB", "id": "JVNDB-2022-005664" }, { "date": "2023-11-07T03:50:52.743000", "db": "NVD", "id": "CVE-2022-3159" }, { "date": "2023-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-1066" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-1066" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u00a0Teamcenter\u00a0Visualization\u00a0 and \u00a0JT2Go\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005664" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-1066" } ], "trust": 0.6 } }
var-202205-0954
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0954", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29030" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.1", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29030" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3136" } ], "trust": 0.6 }, "cve": "CVE-2022-29030", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29030", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202205-3136", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29030" }, { "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2022-29030" }, { "db": "VULMON", "id": "CVE-2022-29030" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29030", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-553086", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-132-09", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2350", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-3136", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29030", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29030" }, { "db": "NVD", "id": "CVE-2022-29030" }, { "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "id": "VAR-202205-0954", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:56:05.400000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2GO and Siemens Teamcenter Visualization Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194236" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29030" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29030/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2350" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051211" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29030" }, { "db": "NVD", "id": "CVE-2022-29030" }, { "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29030" }, { "db": "NVD", "id": "CVE-2022-29030" }, { "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T13:15:15.647000", "db": "NVD", "id": "CVE-2022-29030" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-26T22:56:55.667000", "db": "NVD", "id": "CVE-2022-29030" }, { "date": "2022-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3136" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3136" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2GO and Siemens Teamcenter Visualization Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3136" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3136" } ], "trust": 0.6 } }
var-202107-1411
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13380 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-849" }, { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "NVD", "id": "CVE-2021-34316" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34316" } ] }, "credits": { "_id": null, "data": "Tran Van Khang - khangkito (VinCSS)", "sources": [ { "db": "ZDI", "id": "ZDI-21-849" } ], "trust": 0.7 }, "cve": "CVE-2021-34316", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34316", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34316", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34316", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34316", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34316", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-894", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34316", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-849" }, { "db": "VULMON", "id": "CVE-2021-34316" }, { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "NVD", "id": "CVE-2021-34316" }, { "db": "CNNVD", "id": "CNNVD-202107-894" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13380 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34316" }, { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "ZDI", "id": "ZDI-21-849" }, { "db": "VULMON", "id": "CVE-2021-34316" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34316", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-849", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009320", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13380", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-894", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34316", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-849" }, { "db": "VULMON", "id": "CVE-2021-34316" }, { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "NVD", "id": "CVE-2021-34316" }, { "db": "CNNVD", "id": "CNNVD-202107-894" } ] }, "id": "VAR-202107-1411", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:11:41.371000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156587" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-849" }, { "db": "VULMON", "id": "CVE-2021-34316" }, { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "CNNVD", "id": "CNNVD-202107-894" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "NVD", "id": "CVE-2021-34316" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-849/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34316" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-849" }, { "db": "VULMON", "id": "CVE-2021-34316" }, { "db": "JVNDB", "id": "JVNDB-2021-009320" }, { "db": "NVD", "id": "CVE-2021-34316" }, { "db": "CNNVD", "id": "CNNVD-202107-894" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-849", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34316", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009320", "ident": null }, { "db": "NVD", "id": "CVE-2021-34316", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-894", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-849", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34316", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009320", "ident": null }, { "date": "2021-07-13T11:15:12.140000", "db": "NVD", "id": "CVE-2021-34316", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-894", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-849", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34316", "ident": null }, { "date": "2022-04-20T08:17:00", "db": "JVNDB", "id": "JVNDB-2021-009320", "ident": null }, { "date": "2021-07-27T14:03:40.370000", "db": "NVD", "id": "CVE-2021-34316", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-894", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-894" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009320" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-894" } ], "trust": 0.6 } }
var-202112-0797
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0797", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "NVD", "id": "CVE-2021-44012" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44012" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "CNNVD", "id": "CNNVD-202112-1203" } ], "trust": 1.3 }, "cve": "CVE-2021-44012", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-44012", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-44012", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44012", "trust": 1.0, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-44012", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202112-1203", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-44012", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "VULMON", "id": "CVE-2021-44012" }, { "db": "NVD", "id": "CVE-2021-44012" }, { "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files", "sources": [ { "db": "NVD", "id": "CVE-2021-44012" }, { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "VULMON", "id": "CVE-2021-44012" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44012", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-22-008", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15102", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1203", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44012", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "VULMON", "id": "CVE-2021-44012" }, { "db": "NVD", "id": "CVE-2021-44012" }, { "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "id": "VAR-202112-0797", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:57:50.195000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174918" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "VULMON", "id": "CVE-2021-44012" }, { "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44012" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-008/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "VULMON", "id": "CVE-2021-44012" }, { "db": "NVD", "id": "CVE-2021-44012" }, { "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-008" }, { "db": "VULMON", "id": "CVE-2021-44012" }, { "db": "NVD", "id": "CVE-2021-44012" }, { "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-008" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44012" }, { "date": "2021-12-14T12:15:10.667000", "db": "NVD", "id": "CVE-2021-44012" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-008" }, { "date": "2022-01-06T00:00:00", "db": "VULMON", "id": "CVE-2021-44012" }, { "date": "2022-03-30T13:16:21.420000", "db": "NVD", "id": "CVE-2021-44012" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1203" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1203" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-008" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1203" } ], "trust": 0.6 } }
var-202102-0329
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12209 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLT files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-235" }, { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "NVD", "id": "CVE-2020-27008" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27008" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-235" } ], "trust": 0.7 }, "cve": "CVE-2020-27008", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27008", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27008", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2020-27008", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27008", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2020-27008", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202102-861", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-235" }, { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "NVD", "id": "CVE-2020-27008" }, { "db": "CNNVD", "id": "CNNVD-202102-861" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12209 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLT files", "sources": [ { "db": "NVD", "id": "CVE-2020-27008" }, { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "ZDI", "id": "ZDI-21-235" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27008", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-235", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015912", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12209", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-861", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-235" }, { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "NVD", "id": "CVE-2020-27008" }, { "db": "CNNVD", "id": "CNNVD-202102-861" } ] }, "id": "VAR-202102-0329", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:27:42.503000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141283" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-235" }, { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "CNNVD", "id": "CNNVD-202102-861" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "NVD", "id": "CVE-2020-27008" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-235/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27008" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-235" }, { "db": "JVNDB", "id": "JVNDB-2020-015912" }, { "db": "NVD", "id": "CVE-2020-27008" }, { "db": "CNNVD", "id": "CNNVD-202102-861" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-235", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015912", "ident": null }, { "db": "NVD", "id": "CVE-2020-27008", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-861", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-235", "ident": null }, { "date": "2021-10-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015912", "ident": null }, { "date": "2021-02-09T17:15:14.483000", "db": "NVD", "id": "CVE-2020-27008", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-861", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-235", "ident": null }, { "date": "2021-10-22T07:03:00", "db": "JVNDB", "id": "JVNDB-2020-015912", "ident": null }, { "date": "2021-03-09T15:55:31.607000", "db": "NVD", "id": "CVE-2020-27008", "ident": null }, { "date": "2021-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-861", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-861" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015912" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-861" } ], "trust": 0.6 } }
var-202212-1170
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1170", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "db": "NVD", "id": "CVE-2022-41280" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41280" } ] }, "cve": "CVE-2022-41280", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-023192", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41280", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-41280", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-023192", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-202212-3112", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "db": "NVD", "id": "CVE-2022-41280" }, { "db": "NVD", "id": "CVE-2022-41280" }, { "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41280" }, { "db": "JVNDB", "id": "JVNDB-2022-023192" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41280", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023192", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3112", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "db": "NVD", "id": "CVE-2022-41280" }, { "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "id": "VAR-202212-1170", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:47:06.100000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228955" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "db": "NVD", "id": "CVE-2022-41280" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41280" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41280/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "db": "NVD", "id": "CVE-2022-41280" }, { "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "db": "NVD", "id": "CVE-2022-41280" }, { "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "date": "2022-12-13T16:15:22.290000", "db": "NVD", "id": "CVE-2022-41280" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:22:00", "db": "JVNDB", "id": "JVNDB-2022-023192" }, { "date": "2023-04-11T10:15:16.757000", "db": "NVD", "id": "CVE-2022-41280" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3112" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3112" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023192" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3112" } ], "trust": 0.6 } }
var-202107-1415
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13406 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-856" }, { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "NVD", "id": "CVE-2021-34320" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34320" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-856" } ], "trust": 0.7 }, "cve": "CVE-2021-34320", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34320", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34320", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34320", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34320", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34320", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-908", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34320", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-856" }, { "db": "VULMON", "id": "CVE-2021-34320" }, { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "NVD", "id": "CVE-2021-34320" }, { "db": "CNNVD", "id": "CNNVD-202107-908" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13406 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34320" }, { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "ZDI", "id": "ZDI-21-856" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34320" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34320", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-856", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009285", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13406", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-908", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34320", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-856" }, { "db": "VULMON", "id": "CVE-2021-34320" }, { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "NVD", "id": "CVE-2021-34320" }, { "db": "CNNVD", "id": "CNNVD-202107-908" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1415", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:18:08.922000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156601" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34320 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-856" }, { "db": "VULMON", "id": "CVE-2021-34320" }, { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "CNNVD", "id": "CNNVD-202107-908" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "NVD", "id": "CVE-2021-34320" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-856/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34320" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34320" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-856" }, { "db": "VULMON", "id": "CVE-2021-34320" }, { "db": "JVNDB", "id": "JVNDB-2021-009285" }, { "db": "NVD", "id": "CVE-2021-34320" }, { "db": "CNNVD", "id": "CNNVD-202107-908" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-856", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34320", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009285", "ident": null }, { "db": "NVD", "id": "CVE-2021-34320", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-908", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-856", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34320", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009285", "ident": null }, { "date": "2021-07-13T11:15:12.450000", "db": "NVD", "id": "CVE-2021-34320", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-908", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-856", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34320", "ident": null }, { "date": "2022-04-19T09:43:00", "db": "JVNDB", "id": "JVNDB-2021-009285", "ident": null }, { "date": "2022-10-07T20:47:39.753000", "db": "NVD", "id": "CVE-2021-34320", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-908", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-908" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009285" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-908" } ], "trust": 0.6 } }
var-202212-1167
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1167", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "db": "NVD", "id": "CVE-2022-41278" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41278" } ] }, "cve": "CVE-2022-41278", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-023194", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41278", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-41278", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-023194", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-202212-3114", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "db": "CNNVD", "id": "CNNVD-202212-3114" }, { "db": "NVD", "id": "CVE-2022-41278" }, { "db": "NVD", "id": "CVE-2022-41278" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41278" }, { "db": "JVNDB", "id": "JVNDB-2022-023194" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41278", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023194", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3114", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "db": "CNNVD", "id": "CNNVD-202212-3114" }, { "db": "NVD", "id": "CVE-2022-41278" } ] }, "id": "VAR-202212-1167", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-02T20:39:59.106000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228957" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3114" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "db": "NVD", "id": "CVE-2022-41278" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41278" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41278/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "db": "CNNVD", "id": "CNNVD-202212-3114" }, { "db": "NVD", "id": "CVE-2022-41278" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "db": "CNNVD", "id": "CNNVD-202212-3114" }, { "db": "NVD", "id": "CVE-2022-41278" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3114" }, { "date": "2022-12-13T16:15:22.100000", "db": "NVD", "id": "CVE-2022-41278" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:23:00", "db": "JVNDB", "id": "JVNDB-2022-023194" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3114" }, { "date": "2024-02-01T15:53:27.107000", "db": "NVD", "id": "CVE-2022-41278" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3114" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023194" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3114" } ], "trust": 0.6 } }
var-202106-1193
Vulnerability from variot
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. Affected products and versions are as follows: Drawings SDK: Before 2022.4
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "_id": null, "model": "drawings sdk", "scope": "lte", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "drawing sdk", "scope": null, "trust": 0.7, "vendor": "open design alliance oda", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ], "trust": 2.0 }, "cve": "CVE-2021-32946", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32946", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392932", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32946", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32946", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32946", "trust": 2.1, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32946", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-687", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392932", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32946", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "description": { "_id": null, "data": "An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. Affected products and versions are as follows: Drawings SDK: Before 2022.4", "sources": [ { "db": "NVD", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" } ], "trust": 4.23 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32946", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-985", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-983", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-938030", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-23-130", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13411", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13409", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19148", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060908", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081107", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2702", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-687", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392932", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32946", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "id": "VAR-202106-1193", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392932" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:54:05.432000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154864" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e0bde73e6fac136c31fc4dfabb276eae" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-754", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392932" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-985/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-983/" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081107" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2702" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/754.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-23-130/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-985", "ident": null }, { "db": "ZDI", "id": "ZDI-21-983", "ident": null }, { "db": "ZDI", "id": "ZDI-23-130", "ident": null }, { "db": "VULHUB", "id": "VHN-392932", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32946", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-687", "ident": null }, { "db": "NVD", "id": "CVE-2021-32946", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-985", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-983", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-130", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392932", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32946", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-687", "ident": null }, { "date": "2021-06-17T12:15:08.023000", "db": "NVD", "id": "CVE-2021-32946", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-985", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-983", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-130", "ident": null }, { "date": "2022-04-15T00:00:00", "db": "VULHUB", "id": "VHN-392932", "ident": null }, { "date": "2022-04-15T00:00:00", "db": "VULMON", "id": "CVE-2021-32946", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-687", "ident": null }, { "date": "2022-04-15T15:39:18.653000", "db": "NVD", "id": "CVE-2021-32946", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-687" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202211-0306
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0306", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.3" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "db": "NVD", "id": "CVE-2022-41664" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.7", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41664" } ] }, "cve": "CVE-2022-41664", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-41664", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41664", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-41664", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2319", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "db": "NVD", "id": "CVE-2022-41664" }, { "db": "NVD", "id": "CVE-2022-41664" }, { "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41664" }, { "db": "JVNDB", "id": "JVNDB-2022-022824" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41664", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-120378", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-314-09", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93762879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022824", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202211-2319", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "db": "NVD", "id": "CVE-2022-41664" }, { "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "id": "VAR-202211-0306", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:47:26.195000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213373" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "db": "NVD", "id": "CVE-2022-41664" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93762879/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41664" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41664/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "db": "NVD", "id": "CVE-2022-41664" }, { "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "db": "NVD", "id": "CVE-2022-41664" }, { "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "date": "2022-11-08T11:15:11.813000", "db": "NVD", "id": "CVE-2022-41664" }, { "date": "2022-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T01:47:00", "db": "JVNDB", "id": "JVNDB-2022-022824" }, { "date": "2023-06-13T09:15:15.310000", "db": "NVD", "id": "CVE-2022-41664" }, { "date": "2023-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2319" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2319" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022824" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2319" } ], "trust": 0.6 } }
var-202112-0803
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0803", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44006" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44006" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1197" } ], "trust": 0.6 }, "cve": "CVE-2021-44006", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44006", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-1197", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44006" }, { "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.", "sources": [ { "db": "NVD", "id": "CVE-2021-44006" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-44006", "trust": 1.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1197", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44006" }, { "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "id": "VAR-202112-0803", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:52:06.976000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Jt2go Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174912" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44006" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44006" }, { "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-44006" }, { "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-14T12:15:10.353000", "db": "NVD", "id": "CVE-2021-44006" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T13:25:06.327000", "db": "NVD", "id": "CVE-2021-44006" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1197" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1197" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Jt2go Jt2go Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1197" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1197" } ], "trust": 0.6 } }
var-202202-0028
Vulnerability from variot
The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0028", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": null, "trust": 2.1, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "NVD", "id": "CVE-2021-38405" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:13.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.8", "versionStartIncluding": "13.1.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-38405" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "CNNVD", "id": "CNNVD-202202-946" } ], "trust": 2.7 }, "cve": "CVE-2021-38405", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-38405", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-38405", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-38405", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-38405", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-38405", "trust": 1.4, "value": "LOW" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-38405", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-38405", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-946", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "CNNVD", "id": "CNNVD-202202-946" }, { "db": "NVD", "id": "CVE-2021-38405" }, { "db": "NVD", "id": "CVE-2021-38405" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition\u00a0while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code\u00a0in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer", "sources": [ { "db": "NVD", "id": "CVE-2021-38405" }, { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "VULMON", "id": "CVE-2021-38405" } ], "trust": 3.6 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38405", "trust": 5.4 }, { "db": "ICS CERT", "id": "ICSA-22-041-07", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-301589", "trust": 1.9 }, { "db": "ZDI", "id": "ZDI-22-339", "trust": 1.3 }, { "db": "ZDI", "id": "ZDI-22-336", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-020743", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15113", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15108", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-337", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15106", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022021109", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-946", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-38405", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "VULMON", "id": "CVE-2021-38405" }, { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "CNNVD", "id": "CNNVD-202202-946" }, { "db": "NVD", "id": "CVE-2021-38405" } ] }, "id": "VAR-202202-0028", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-01-18T19:33:14.808000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182233" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=fefc850707fc7ccce29d30c42162ee31" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "VULMON", "id": "CVE-2021-38405" }, { "db": "CNNVD", "id": "CNNVD-202202-946" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "NVD", "id": "CVE-2021-38405" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "trust": 1.9, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38405" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-339/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021109" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-0" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-336/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-041-07" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "VULMON", "id": "CVE-2021-38405" }, { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "CNNVD", "id": "CNNVD-202202-946" }, { "db": "NVD", "id": "CVE-2021-38405" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" }, { "db": "ZDI", "id": "ZDI-22-336" }, { "db": "VULMON", "id": "CVE-2021-38405" }, { "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "db": "CNNVD", "id": "CNNVD-202202-946" }, { "db": "NVD", "id": "CVE-2021-38405" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-339" }, { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-337" }, { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-336" }, { "date": "2023-11-21T00:00:00", "db": "VULMON", "id": "CVE-2021-38405" }, { "date": "2024-01-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "date": "2022-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-946" }, { "date": "2023-11-21T19:15:07.647000", "db": "NVD", "id": "CVE-2021-38405" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-339" }, { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-337" }, { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-336" }, { "date": "2023-11-21T00:00:00", "db": "VULMON", "id": "CVE-2021-38405" }, { "date": "2024-01-11T06:17:00", "db": "JVNDB", "id": "JVNDB-2021-020743" }, { "date": "2022-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-946" }, { "date": "2023-11-30T05:39:30.360000", "db": "NVD", "id": "CVE-2021-38405" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-339" }, { "db": "ZDI", "id": "ZDI-22-337" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-946" } ], "trust": 0.6 } }
var-202205-0953
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0953", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29029" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.1", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29029" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3139" } ], "trust": 0.6 }, "cve": "CVE-2022-29029", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29029", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202205-3139", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29029" }, { "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2022-29029" }, { "db": "VULMON", "id": "CVE-2022-29029" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29029", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-553086", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-132-09", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2350", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-3139", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29029", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29029" }, { "db": "NVD", "id": "CVE-2022-29029" }, { "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "id": "VAR-202205-0953", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:56:05.364000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2GO and Siemens Teamcenter Visualization Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194239" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29029" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2350" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051211" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29029/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29029" }, { "db": "NVD", "id": "CVE-2022-29029" }, { "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29029" }, { "db": "NVD", "id": "CVE-2022-29029" }, { "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T13:15:15.600000", "db": "NVD", "id": "CVE-2022-29029" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-26T22:59:29.667000", "db": "NVD", "id": "CVE-2022-29029" }, { "date": "2022-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3139" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3139" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2GO and Siemens Teamcenter Visualization Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3139" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3139" } ], "trust": 0.6 } }
var-202309-0579
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0579", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2201.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" }, { "db": "NVD", "id": "CVE-2023-38072" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" } ], "trust": 0.7 }, "cve": "CVE-2023-38072", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38072", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38072", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-38072", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2023-38072", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" }, { "db": "NVD", "id": "CVE-2023-38072" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files", "sources": [ { "db": "NVD", "id": "CVE-2023-38072" }, { "db": "ZDI", "id": "ZDI-23-1630" }, { "db": "VULMON", "id": "CVE-2023-38072" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38072", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-20825", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1630", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38072", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" }, { "db": "VULMON", "id": "CVE-2023-38072" }, { "db": "NVD", "id": "CVE-2023-38072" } ] }, "id": "VAR-202309-0579", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T12:19:45.359000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38072" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" }, { "db": "VULMON", "id": "CVE-2023-38072" }, { "db": "NVD", "id": "CVE-2023-38072" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1630" }, { "db": "VULMON", "id": "CVE-2023-38072" }, { "db": "NVD", "id": "CVE-2023-38072" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1630" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38072" }, { "date": "2023-09-12T10:15:27.863000", "db": "NVD", "id": "CVE-2023-38072" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1630" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38072" }, { "date": "2024-02-16T15:08:06.607000", "db": "NVD", "id": "CVE-2023-38072" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-1630" } ], "trust": 0.7 } }
var-202211-0307
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0307", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.7" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.3" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "db": "NVD", "id": "CVE-2022-39136" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.3.0.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-39136" } ] }, "cve": "CVE-2022-39136", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-39136", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-39136", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-39136", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2320", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "db": "NVD", "id": "CVE-2022-39136" }, { "db": "NVD", "id": "CVE-2022-39136" }, { "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V13.3 (All versions \u003e= V13.3.0.7 \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-39136" }, { "db": "JVNDB", "id": "JVNDB-2022-022837" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-39136", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-120378", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-314-09", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93762879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022837", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202211-2320", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "db": "NVD", "id": "CVE-2022-39136" }, { "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "id": "VAR-202211-0307", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:29:39.580000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213374" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "db": "NVD", "id": "CVE-2022-39136" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93762879/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39136" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-39136/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "db": "NVD", "id": "CVE-2022-39136" }, { "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "db": "NVD", "id": "CVE-2022-39136" }, { "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "date": "2022-11-08T11:15:11.247000", "db": "NVD", "id": "CVE-2022-39136" }, { "date": "2022-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T01:52:00", "db": "JVNDB", "id": "JVNDB-2022-022837" }, { "date": "2023-06-13T09:15:14.517000", "db": "NVD", "id": "CVE-2022-39136" }, { "date": "2023-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2320" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2320" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022837" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2320" } ], "trust": 0.6 } }
var-202106-1190
Vulnerability from variot
An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. A buffer error vulnerability exists in the Drawings SDK, which originates from a boundary condition in the recovery process of DWG files. Affected products and versions are as follows: Drawings SDK: Before 2022.4
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "drawing sdk", "scope": null, "trust": 1.4, "vendor": "open design alliance oda", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "drawings sdk", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.5" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-986" }, { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32940" } ] }, "credits": { "_id": null, "data": "Mat Powell \u0026 Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" } ], "trust": 1.4 }, "cve": "CVE-2021-32940", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32940", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392926", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-32940", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32940", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "Low", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32940", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32940", "trust": 1.4, "value": "LOW" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32940", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2021-32940", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202106-681", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-392926", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32940", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-986" }, { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" }, { "db": "VULHUB", "id": "VHN-392926" }, { "db": "VULMON", "id": "CVE-2021-32940" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-681" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-32940" } ] }, "description": { "_id": null, "data": "An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. A buffer error vulnerability exists in the Drawings SDK, which originates from a boundary condition in the recovery process of DWG files. Affected products and versions are as follows: Drawings SDK: Before 2022.4", "sources": [ { "db": "NVD", "id": "CVE-2021-32940" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-986" }, { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392926" }, { "db": "VULMON", "id": "CVE-2021-32940" } ], "trust": 4.23 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32940", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-986", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-23-120", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13412", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19154", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-134", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19134", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060909", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-681", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392926", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32940", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-986" }, { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" }, { "db": "VULHUB", "id": "VHN-392926" }, { "db": "VULMON", "id": "CVE-2021-32940" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-681" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-32940" } ] }, "id": "VAR-202106-1190", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392926" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:13:59.123000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=154859" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-986" }, { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" }, { "db": "VULMON", "id": "CVE-2021-32940" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-681" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392926" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32940" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-986/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-23-120/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-986" }, { "db": "ZDI", "id": "ZDI-23-134" }, { "db": "ZDI", "id": "ZDI-23-120" }, { "db": "VULHUB", "id": "VHN-392926" }, { "db": "VULMON", "id": "CVE-2021-32940" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-681" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-32940" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-986", "ident": null }, { "db": "ZDI", "id": "ZDI-23-134", "ident": null }, { "db": "ZDI", "id": "ZDI-23-120", "ident": null }, { "db": "VULHUB", "id": "VHN-392926", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32940", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-681", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "NVD", "id": "CVE-2021-32940", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-986", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-134", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-120", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392926", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32940", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-681", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-17T13:15:07.923000", "db": "NVD", "id": "CVE-2021-32940", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-986", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-134", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-120", "ident": null }, { "date": "2023-01-13T00:00:00", "db": "VULHUB", "id": "VHN-392926", "ident": null }, { "date": "2023-03-28T00:00:00", "db": "VULMON", "id": "CVE-2021-32940", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2023-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-681", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2023-03-28T17:12:49.597000", "db": "NVD", "id": "CVE-2021-32940", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-681" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-681" } ], "trust": 0.6 } }
var-202107-1399
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13199 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-874" }, { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "NVD", "id": "CVE-2021-34304" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34304" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-874" } ], "trust": 0.7 }, "cve": "CVE-2021-34304", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34304", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34304", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34304", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34304", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34304", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-879", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34304", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-874" }, { "db": "VULMON", "id": "CVE-2021-34304" }, { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "NVD", "id": "CVE-2021-34304" }, { "db": "CNNVD", "id": "CNNVD-202107-879" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13199 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34304" }, { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "ZDI", "id": "ZDI-21-874" }, { "db": "VULMON", "id": "CVE-2021-34304" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34304", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-874", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009334", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13199", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-879", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34304", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-874" }, { "db": "VULMON", "id": "CVE-2021-34304" }, { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "NVD", "id": "CVE-2021-34304" }, { "db": "CNNVD", "id": "CNNVD-202107-879" } ] }, "id": "VAR-202107-1399", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:42:32.717000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156572" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34304 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-874" }, { "db": "VULMON", "id": "CVE-2021-34304" }, { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "CNNVD", "id": "CNNVD-202107-879" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "NVD", "id": "CVE-2021-34304" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-874/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34304" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34304" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-874" }, { "db": "VULMON", "id": "CVE-2021-34304" }, { "db": "JVNDB", "id": "JVNDB-2021-009334" }, { "db": "NVD", "id": "CVE-2021-34304" }, { "db": "CNNVD", "id": "CNNVD-202107-879" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-874", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34304", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009334", "ident": null }, { "db": "NVD", "id": "CVE-2021-34304", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-879", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-874", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34304", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009334", "ident": null }, { "date": "2021-07-13T11:15:11.210000", "db": "NVD", "id": "CVE-2021-34304", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-879", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-874", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34304", "ident": null }, { "date": "2022-04-20T08:59:00", "db": "JVNDB", "id": "JVNDB-2021-009334", "ident": null }, { "date": "2022-10-07T20:47:57.363000", "db": "NVD", "id": "CVE-2021-34304", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-879", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-879" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009334" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-879" } ], "trust": 0.6 } }
var-202107-1427
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300). JT2Go and Teamcenter Visualization Exists in an infinite loop vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1427", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "NVD", "id": "CVE-2021-34332" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34332" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Brian Gorenc and Mat Powell of Trend Micro Zero Day Initiative; garmin and xina1i at SecZone; and Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-931" } ], "trust": 0.6 }, "cve": "CVE-2021-34332", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-34332", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-34332", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34332", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-931", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34332", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34332" }, { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "NVD", "id": "CVE-2021-34332" }, { "db": "CNNVD", "id": "CNNVD-202107-931" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300). JT2Go and Teamcenter Visualization Exists in an infinite loop vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34332" }, { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34332" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-34332", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009273", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34332", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34332" }, { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "NVD", "id": "CVE-2021-34332" }, { "db": "CNNVD", "id": "CNNVD-202107-931" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1427", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:49:52.282000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156624" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34332" }, { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "CNNVD", "id": "CNNVD-202107-931" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 }, { "problemtype": "infinite loop (CWE-835) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "NVD", "id": "CVE-2021-34332" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34332" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-483182.txt" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34332" }, { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "NVD", "id": "CVE-2021-34332" }, { "db": "CNNVD", "id": "CNNVD-202107-931" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-34332" }, { "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "db": "NVD", "id": "CVE-2021-34332" }, { "db": "CNNVD", "id": "CNNVD-202107-931" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34332" }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "date": "2021-07-13T11:15:13.417000", "db": "NVD", "id": "CVE-2021-34332" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-931" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-34332" }, { "date": "2022-04-19T09:13:00", "db": "JVNDB", "id": "JVNDB-2021-009273" }, { "date": "2021-07-15T18:08:12.817000", "db": "NVD", "id": "CVE-2021-34332" }, { "date": "2021-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-931" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-931" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Infinite loop vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009273" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-931" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 1.2 } }
var-202107-1423
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424). Zero Day Initiative To this vulnerability ZDI-CAN-13424 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-866" }, { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "NVD", "id": "CVE-2021-34328" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "se2021", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34328" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-866" } ], "trust": 0.7 }, "cve": "CVE-2021-34328", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34328", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34328", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34328", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34328", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34328", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-926", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34328", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-866" }, { "db": "VULMON", "id": "CVE-2021-34328" }, { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "NVD", "id": "CVE-2021-34328" }, { "db": "CNNVD", "id": "CNNVD-202107-926" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424). Zero Day Initiative To this vulnerability ZDI-CAN-13424 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34328" }, { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "ZDI", "id": "ZDI-21-866" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34328" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34328", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-866", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-173615", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009277", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13424", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.2403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-926", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34328", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-866" }, { "db": "VULMON", "id": "CVE-2021-34328" }, { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "NVD", "id": "CVE-2021-34328" }, { "db": "CNNVD", "id": "CNNVD-202107-926" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1423", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:44:02.528000Z", "patch": { "_id": null, "data": [ { "title": "SSA-173615 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156619" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e172da356a059f9e1b4ef7215ce64ef1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34328 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-866" }, { "db": "VULMON", "id": "CVE-2021-34328" }, { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "CNNVD", "id": "CNNVD-202107-926" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "NVD", "id": "CVE-2021-34328" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-866/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34328" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2403" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34328" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-866" }, { "db": "VULMON", "id": "CVE-2021-34328" }, { "db": "JVNDB", "id": "JVNDB-2021-009277" }, { "db": "NVD", "id": "CVE-2021-34328" }, { "db": "CNNVD", "id": "CNNVD-202107-926" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-866", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34328", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009277", "ident": null }, { "db": "NVD", "id": "CVE-2021-34328", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-926", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-866", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34328", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009277", "ident": null }, { "date": "2021-07-13T11:15:13.087000", "db": "NVD", "id": "CVE-2021-34328", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-926", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-866", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34328", "ident": null }, { "date": "2022-04-19T09:29:00", "db": "JVNDB", "id": "JVNDB-2021-009277", "ident": null }, { "date": "2022-10-07T20:47:23.320000", "db": "NVD", "id": "CVE-2021-34328", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-926", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-926" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009277" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-926" } ], "trust": 0.6 } }
var-202101-0349
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11891 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
JT2Go and Teamcenter Visualization have security vulnerabilities
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-049" }, { "db": "CNVD", "id": "CNVD-2021-02583" }, { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "NVD", "id": "CVE-2020-26988" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-049" } ], "trust": 0.7 }, "cve": "CVE-2020-26988", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26988", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02583", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26988", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26988", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26988", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26988", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26988", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26988", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02583", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-845", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-049" }, { "db": "CNVD", "id": "CNVD-2021-02583" }, { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "CNNVD", "id": "CNNVD-202101-845" }, { "db": "NVD", "id": "CVE-2020-26988" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11891 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nJT2Go and Teamcenter Visualization have security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2020-26988" }, { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "ZDI", "id": "ZDI-21-049" }, { "db": "CNVD", "id": "CNVD-2021-02583" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26988", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-049", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015270", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11891", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02583", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-845", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-049" }, { "db": "CNVD", "id": "CNVD-2021-02583" }, { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "CNNVD", "id": "CNNVD-202101-845" }, { "db": "NVD", "id": "CVE-2020-26988" } ] }, "id": "VAR-202101-0349", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02583" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02583" } ] }, "last_update_date": "2024-11-23T21:29:48.209000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for Unspecified vulnerability exists in JT2Go and Teamcenter Visualization (CNVD-2021-02583)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243985" }, { "title": "Siemens Jt2go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139357" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-049" }, { "db": "CNVD", "id": "CNVD-2021-02583" }, { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "CNNVD", "id": "CNNVD-202101-845" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "NVD", "id": "CVE-2020-26988" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-049/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26988" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-049" }, { "db": "CNVD", "id": "CNVD-2021-02583" }, { "db": "JVNDB", "id": "JVNDB-2020-015270" }, { "db": "CNNVD", "id": "CNNVD-202101-845" }, { "db": "NVD", "id": "CVE-2020-26988" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-049", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02583", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015270", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-845", "ident": null }, { "db": "NVD", "id": "CVE-2020-26988", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-049", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02583", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015270", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-845", "ident": null }, { "date": "2021-01-12T21:15:17.120000", "db": "NVD", "id": "CVE-2020-26988", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-049", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02583", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015270", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-845", "ident": null }, { "date": "2024-11-21T05:20:38.093000", "db": "NVD", "id": "CVE-2020-26988", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-845" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015270" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-845" } ], "trust": 0.6 } }
var-202107-1413
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403). JT2Go and Teamcenter Visualization Is vulnerable to input validation. Zero Day Initiative To this vulnerability ZDI-CAN-13403 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-854" }, { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "NVD", "id": "CVE-2021-34318" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34318" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-854" } ], "trust": 0.7 }, "cve": "CVE-2021-34318", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34318", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34318", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34318", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34318", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34318", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-902", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34318", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-854" }, { "db": "VULMON", "id": "CVE-2021-34318" }, { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "NVD", "id": "CVE-2021-34318" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-902" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403). JT2Go and Teamcenter Visualization Is vulnerable to input validation. Zero Day Initiative To this vulnerability ZDI-CAN-13403 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCT files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34318" }, { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "ZDI", "id": "ZDI-21-854" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34318" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34318", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-854", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009318", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13403", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-902", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34318", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-854" }, { "db": "VULMON", "id": "CVE-2021-34318" }, { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "NVD", "id": "CVE-2021-34318" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-902" } ] }, "id": "VAR-202107-1413", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:09:17.062000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156595" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-854" }, { "db": "VULMON", "id": "CVE-2021-34318" }, { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "CNNVD", "id": "CNNVD-202107-902" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "NVD", "id": "CVE-2021-34318" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-854/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34318" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-854" }, { "db": "VULMON", "id": "CVE-2021-34318" }, { "db": "JVNDB", "id": "JVNDB-2021-009318" }, { "db": "NVD", "id": "CVE-2021-34318" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-902" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-854", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34318", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009318", "ident": null }, { "db": "NVD", "id": "CVE-2021-34318", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-902", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-854", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34318", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009318", "ident": null }, { "date": "2021-07-13T11:15:12.297000", "db": "NVD", "id": "CVE-2021-34318", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-902", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-854", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34318", "ident": null }, { "date": "2022-04-20T08:12:00", "db": "JVNDB", "id": "JVNDB-2021-009318", "ident": null }, { "date": "2021-09-20T12:31:24.257000", "db": "NVD", "id": "CVE-2021-34318", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-902", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-902" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009318" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202308-0233
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go , Teamcenter Visualization , solid edge se2022 A number of Siemens products, including Freed Memory Usage Vulnerability, exist in several Siemens products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0233", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_8" }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "update_0002" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_2" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_12" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_5" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_10" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "update_0003" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.11" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_4" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_11" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_3" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_9" }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.15" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_1" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "update_0001" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "solid edge se2022", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "solid edge se2023", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.11", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.15", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.11", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:update_0001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:update_0002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:update_0003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-28830" } ] }, "cve": "CVE-2023-28830", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-28830", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-28830", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-28830", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Solid Edge SE2022 (All versions \u003c V222.0 Update 13), Solid Edge SE2023 (All versions \u003c V223.0 Update 4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.15), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.11), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go , Teamcenter Visualization , solid edge se2022 A number of Siemens products, including Freed Memory Usage Vulnerability, exist in several Siemens products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "VULMON", "id": "CVE-2023-28830" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-28830", "trust": 2.7 }, { "db": "SIEMENS", "id": "SSA-131450", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU90056839", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-222-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021527", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-28830", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "id": "VAR-202308-0233", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-01-20T20:31:43.959000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90056839/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28830" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-01" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2023-28830" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "date": "2023-08-08T10:15:14.847000", "db": "NVD", "id": "CVE-2023-28830" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2023-28830" }, { "date": "2024-01-19T06:45:00", "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "date": "2023-08-15T16:54:21.120000", "db": "NVD", "id": "CVE-2023-28830" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use of Freed Memory Vulnerability in Multiple Siemens Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" } ], "trust": 0.8 } }
var-202107-1426
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13442 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-869" }, { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "NVD", "id": "CVE-2021-34331" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34331" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-869" } ], "trust": 0.7 }, "cve": "CVE-2021-34331", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34331", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34331", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34331", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34331", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34331", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-929", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34331", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-869" }, { "db": "VULMON", "id": "CVE-2021-34331" }, { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "NVD", "id": "CVE-2021-34331" }, { "db": "CNNVD", "id": "CNNVD-202107-929" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13442 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34331" }, { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "ZDI", "id": "ZDI-21-869" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34331" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34331", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-869", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009274", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13442", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-929", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34331", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-869" }, { "db": "VULMON", "id": "CVE-2021-34331" }, { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "NVD", "id": "CVE-2021-34331" }, { "db": "CNNVD", "id": "CNNVD-202107-929" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1426", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:36:02.863000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156622" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-869" }, { "db": "VULMON", "id": "CVE-2021-34331" }, { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "CNNVD", "id": "CNNVD-202107-929" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "NVD", "id": "CVE-2021-34331" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-869/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34331" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-869" }, { "db": "VULMON", "id": "CVE-2021-34331" }, { "db": "JVNDB", "id": "JVNDB-2021-009274" }, { "db": "NVD", "id": "CVE-2021-34331" }, { "db": "CNNVD", "id": "CNNVD-202107-929" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-869", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34331", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009274", "ident": null }, { "db": "NVD", "id": "CVE-2021-34331", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-929", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-869", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34331", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009274", "ident": null }, { "date": "2021-07-13T11:15:13.333000", "db": "NVD", "id": "CVE-2021-34331", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-929", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-869", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34331", "ident": null }, { "date": "2022-04-19T09:16:00", "db": "JVNDB", "id": "JVNDB-2021-009274", "ident": null }, { "date": "2021-07-27T16:11:51.137000", "db": "NVD", "id": "CVE-2021-34331", "ident": null }, { "date": "2021-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-929", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-929" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009274" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-929" } ], "trust": 0.6 } }
var-202112-0476
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0476", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "NVD", "id": "CVE-2021-44017" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "CNNVD", "id": "CNNVD-202112-1208" } ], "trust": 1.3 }, "cve": "CVE-2021-44017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-44017", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-44017", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44017", "trust": 1.0, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-44017", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202112-1208", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-44017", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "VULMON", "id": "CVE-2021-44017" }, { "db": "NVD", "id": "CVE-2021-44017" }, { "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-44017" }, { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "VULMON", "id": "CVE-2021-44017" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44017", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-22-011", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15111", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1208", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44017", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "VULMON", "id": "CVE-2021-44017" }, { "db": "NVD", "id": "CVE-2021-44017" }, { "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "id": "VAR-202112-0476", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:35:39.411000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174922" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "VULMON", "id": "CVE-2021-44017" }, { "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-011/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "VULMON", "id": "CVE-2021-44017" }, { "db": "NVD", "id": "CVE-2021-44017" }, { "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-011" }, { "db": "VULMON", "id": "CVE-2021-44017" }, { "db": "NVD", "id": "CVE-2021-44017" }, { "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-011" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44017" }, { "date": "2021-12-14T12:15:10.870000", "db": "NVD", "id": "CVE-2021-44017" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-011" }, { "date": "2022-01-06T00:00:00", "db": "VULMON", "id": "CVE-2021-44017" }, { "date": "2022-03-30T13:02:54.673000", "db": "NVD", "id": "CVE-2021-44017" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1208" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1208" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-011" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1208" } ], "trust": 0.6 } }
var-202107-1417
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13416 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of J2K files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-859" }, { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "NVD", "id": "CVE-2021-34322" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34322" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-859" } ], "trust": 0.7 }, "cve": "CVE-2021-34322", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34322", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34322", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34322", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34322", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34322", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-915", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34322", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-859" }, { "db": "VULMON", "id": "CVE-2021-34322" }, { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "NVD", "id": "CVE-2021-34322" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-915" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13416 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of J2K files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34322" }, { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "ZDI", "id": "ZDI-21-859" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34322" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34322", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-859", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009283", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13416", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-915", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34322", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-859" }, { "db": "VULMON", "id": "CVE-2021-34322" }, { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "NVD", "id": "CVE-2021-34322" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-915" } ] }, "id": "VAR-202107-1417", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:46:18.060000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156608" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-859" }, { "db": "VULMON", "id": "CVE-2021-34322" }, { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "CNNVD", "id": "CNNVD-202107-915" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "NVD", "id": "CVE-2021-34322" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-859/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34322" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-859" }, { "db": "VULMON", "id": "CVE-2021-34322" }, { "db": "JVNDB", "id": "JVNDB-2021-009283" }, { "db": "NVD", "id": "CVE-2021-34322" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-915" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-859", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34322", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009283", "ident": null }, { "db": "NVD", "id": "CVE-2021-34322", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-915", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-859", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34322", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009283", "ident": null }, { "date": "2021-07-13T11:15:12.607000", "db": "NVD", "id": "CVE-2021-34322", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-915", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-859", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34322", "ident": null }, { "date": "2022-04-19T09:40:00", "db": "JVNDB", "id": "JVNDB-2021-009283", "ident": null }, { "date": "2021-07-27T16:28:20.887000", "db": "NVD", "id": "CVE-2021-34322", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-915", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-915" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009283" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202101-0352
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899). JT2Go and Teamcenter Visualization Has NULL A pointer dereference vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11899 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-053" }, { "db": "CNVD", "id": "CNVD-2021-02580" }, { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "NVD", "id": "CVE-2020-26991" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-053" } ], "trust": 0.7 }, "cve": "CVE-2020-26991", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26991", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02580", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26991", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26991", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26991", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26991", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26991", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26991", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02580", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-844", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-26991", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-053" }, { "db": "CNVD", "id": "CNVD-2021-02580" }, { "db": "VULMON", "id": "CVE-2020-26991" }, { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "CNNVD", "id": "CNNVD-202101-844" }, { "db": "NVD", "id": "CVE-2020-26991" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899). JT2Go and Teamcenter Visualization Has NULL A pointer dereference vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11899 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26991" }, { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "ZDI", "id": "ZDI-21-053" }, { "db": "CNVD", "id": "CNVD-2021-02580" }, { "db": "VULMON", "id": "CVE-2020-26991" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26991", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-053", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-695540", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015255", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11899", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02580", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-147-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1836", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-844", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-26991", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-053" }, { "db": "CNVD", "id": "CNVD-2021-02580" }, { "db": "VULMON", "id": "CVE-2020-26991" }, { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "CNNVD", "id": "CNNVD-202101-844" }, { "db": "NVD", "id": "CVE-2020-26991" } ] }, "id": "VAR-202101-0352", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02580" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02580" } ] }, "last_update_date": "2024-11-23T19:53:31.825000Z", "patch": { "_id": null, "data": [ { "title": "SSA-695540", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": " https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "Patch for JT2Go and Teamcenter Visualization untrusted pointer vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243976" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=139356" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=22012358d4c381f4f14edecd2684a63a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=c60b7733e9b4edbad6ce3fc7a4344fda" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-053" }, { "db": "CNVD", "id": "CNVD-2021-02580" }, { "db": "VULMON", "id": "CVE-2020-26991" }, { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "CNNVD", "id": "CNNVD-202101-844" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-822", "trust": 1.0 }, { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "NVD", "id": "CVE-2020-26991" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-053/" }, { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26991" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1836" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-053" }, { "db": "CNVD", "id": "CNVD-2021-02580" }, { "db": "VULMON", "id": "CVE-2020-26991" }, { "db": "JVNDB", "id": "JVNDB-2020-015255" }, { "db": "CNNVD", "id": "CNNVD-202101-844" }, { "db": "NVD", "id": "CVE-2020-26991" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-053", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02580", "ident": null }, { "db": "VULMON", "id": "CVE-2020-26991", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015255", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-844", "ident": null }, { "db": "NVD", "id": "CVE-2020-26991", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-15T00:00:00", "db": "ZDI", "id": "ZDI-21-053", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02580", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "VULMON", "id": "CVE-2020-26991", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015255", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-844", "ident": null }, { "date": "2021-01-12T21:15:17.323000", "db": "NVD", "id": "CVE-2020-26991", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-08T00:00:00", "db": "ZDI", "id": "ZDI-21-053", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02580", "ident": null }, { "date": "2021-05-19T00:00:00", "db": "VULMON", "id": "CVE-2020-26991", "ident": null }, { "date": "2021-09-15T08:31:00", "db": "JVNDB", "id": "JVNDB-2020-015255", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-844", "ident": null }, { "date": "2024-11-21T05:20:38.457000", "db": "NVD", "id": "CVE-2020-26991", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-844" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015255" } ], "trust": 0.8 }, "type": { "_id": null, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-844" } ], "trust": 0.6 } }
var-202212-1163
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1163", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41283" } ] }, "cve": "CVE-2022-41283", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023188", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41283", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41283", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023188", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3109", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "JVNDB", "id": "JVNDB-2022-023188" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41283", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023188", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3109", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "id": "VAR-202212-1163", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:18:04.462000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217847" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41283" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41283/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "date": "2022-12-13T16:15:22.697000", "db": "NVD", "id": "CVE-2022-41283" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:20:00", "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "date": "2023-04-11T10:15:16.953000", "db": "NVD", "id": "CVE-2022-41283" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3109" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3109" } ], "trust": 0.6 } }
var-202107-1414
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13404 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-855" }, { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "NVD", "id": "CVE-2021-34319" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34319" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-855" } ], "trust": 0.7 }, "cve": "CVE-2021-34319", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34319", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34319", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34319", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34319", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34319", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-906", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34319", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-855" }, { "db": "VULMON", "id": "CVE-2021-34319" }, { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "NVD", "id": "CVE-2021-34319" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-906" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13404 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34319" }, { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "ZDI", "id": "ZDI-21-855" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34319" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34319", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-855", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009317", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13404", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-906", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34319", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-855" }, { "db": "VULMON", "id": "CVE-2021-34319" }, { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "NVD", "id": "CVE-2021-34319" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-906" } ] }, "id": "VAR-202107-1414", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:33:21.323000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156599" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-855" }, { "db": "VULMON", "id": "CVE-2021-34319" }, { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "CNNVD", "id": "CNNVD-202107-906" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "NVD", "id": "CVE-2021-34319" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-855/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34319" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-855" }, { "db": "VULMON", "id": "CVE-2021-34319" }, { "db": "JVNDB", "id": "JVNDB-2021-009317" }, { "db": "NVD", "id": "CVE-2021-34319" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-906" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-855", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34319", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009317", "ident": null }, { "db": "NVD", "id": "CVE-2021-34319", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-906", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-855", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34319", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009317", "ident": null }, { "date": "2021-07-13T11:15:12.373000", "db": "NVD", "id": "CVE-2021-34319", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-906", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-855", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34319", "ident": null }, { "date": "2022-04-20T08:09:00", "db": "JVNDB", "id": "JVNDB-2021-009317", "ident": null }, { "date": "2021-07-27T14:04:06.097000", "db": "NVD", "id": "CVE-2021-34319", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-906", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-906" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009317" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202107-1375
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12956 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-870" }, { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "NVD", "id": "CVE-2021-34291" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34291" } ] }, "credits": { "_id": null, "data": "garmin", "sources": [ { "db": "ZDI", "id": "ZDI-21-870" } ], "trust": 0.7 }, "cve": "CVE-2021-34291", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34291", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34291", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34291", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34291", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34291", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-858", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34291", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-870" }, { "db": "VULMON", "id": "CVE-2021-34291" }, { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "NVD", "id": "CVE-2021-34291" }, { "db": "CNNVD", "id": "CNNVD-202107-858" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12956 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34291" }, { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "ZDI", "id": "ZDI-21-870" }, { "db": "VULMON", "id": "CVE-2021-34291" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34291", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-870", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009348", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12956", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-858", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34291", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-870" }, { "db": "VULMON", "id": "CVE-2021-34291" }, { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "NVD", "id": "CVE-2021-34291" }, { "db": "CNNVD", "id": "CNNVD-202107-858" } ] }, "id": "VAR-202107-1375", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:23:08.300000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156551" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-870" }, { "db": "VULMON", "id": "CVE-2021-34291" }, { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "CNNVD", "id": "CNNVD-202107-858" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "NVD", "id": "CVE-2021-34291" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-870/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34291" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-870" }, { "db": "VULMON", "id": "CVE-2021-34291" }, { "db": "JVNDB", "id": "JVNDB-2021-009348" }, { "db": "NVD", "id": "CVE-2021-34291" }, { "db": "CNNVD", "id": "CNNVD-202107-858" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-870", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34291", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009348", "ident": null }, { "db": "NVD", "id": "CVE-2021-34291", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-858", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-870", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34291", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009348", "ident": null }, { "date": "2021-07-13T11:15:10.253000", "db": "NVD", "id": "CVE-2021-34291", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-858", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-870", "ident": null }, { "date": "2021-07-27T00:00:00", "db": "VULMON", "id": "CVE-2021-34291", "ident": null }, { "date": "2022-04-20T09:08:00", "db": "JVNDB", "id": "JVNDB-2021-009348", "ident": null }, { "date": "2021-07-27T14:52:39.517000", "db": "NVD", "id": "CVE-2021-34291", "ident": null }, { "date": "2021-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-858", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-858" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009348" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-858" } ], "trust": 0.6 } }
var-202112-0807
Vulnerability from variot
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077). JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-15058 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0807", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solid edge viewer", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "jt utilities", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.1.0" }, { "model": "jt open toolkit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.1.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2023" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "NVD", "id": "CVE-2021-44002" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt_open_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "se2023", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44002" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "CNNVD", "id": "CNNVD-202112-1193" } ], "trust": 2.7 }, "cve": "CVE-2021-44002", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44002", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44002", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44002", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-44002", "trust": 2.1, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-44002", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-44002", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-1193", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44002", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "VULMON", "id": "CVE-2021-44002" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "NVD", "id": "CVE-2021-44002" }, { "db": "NVD", "id": "CVE-2021-44002" }, { "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT Open (All versions \u003c V11.1.1.0), JT Utilities (All versions \u003c V13.1.1.0), Solid Edge (All versions \u003c V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077). JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-15058 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files", "sources": [ { "db": "NVD", "id": "CVE-2021-44002" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "VULMON", "id": "CVE-2021-44002" } ], "trust": 3.6 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44002", "trust": 5.4 }, { "db": "SIEMENS", "id": "SSA-936212", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-22-006", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU96592426", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU90782730", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-005666", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15058", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19077", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-088", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19076", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-087", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1193", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44002", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "VULMON", "id": "CVE-2021-44002" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "NVD", "id": "CVE-2021-44002" }, { "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "id": "VAR-202112-0807", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:56:33.053000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html" }, { "title": "SSA-595101", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=175052" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "VULMON", "id": "CVE-2021-44002" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "NVD", "id": "CVE-2021-44002" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" }, { "trust": 1.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44002" }, { "trust": 1.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-006/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96592426/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90782730/" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "VULMON", "id": "CVE-2021-44002" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "NVD", "id": "CVE-2021-44002" }, { "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-006" }, { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" }, { "db": "VULMON", "id": "CVE-2021-44002" }, { "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "db": "NVD", "id": "CVE-2021-44002" }, { "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-006" }, { "date": "2023-01-18T00:00:00", "db": "ZDI", "id": "ZDI-23-088" }, { "date": "2023-01-18T00:00:00", "db": "ZDI", "id": "ZDI-23-087" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44002" }, { "date": "2021-12-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "date": "2021-12-14T12:15:10.143000", "db": "NVD", "id": "CVE-2021-44002" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-006" }, { "date": "2023-01-18T00:00:00", "db": "ZDI", "id": "ZDI-23-088" }, { "date": "2023-01-18T00:00:00", "db": "ZDI", "id": "ZDI-23-087" }, { "date": "2023-02-21T00:00:00", "db": "VULMON", "id": "CVE-2021-44002" }, { "date": "2023-01-16T07:40:00", "db": "JVNDB", "id": "JVNDB-2021-005666" }, { "date": "2023-02-21T18:34:56.270000", "db": "NVD", "id": "CVE-2021-44002" }, { "date": "2023-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1193" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1193" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-088" }, { "db": "ZDI", "id": "ZDI-23-087" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1193" } ], "trust": 0.6 } }
var-202107-1418
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds writing and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13419 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-861" }, { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "NVD", "id": "CVE-2021-34323" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34323" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-861" } ], "trust": 0.7 }, "cve": "CVE-2021-34323", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34323", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34323", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34323", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34323", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34323", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-918", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34323", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-861" }, { "db": "VULMON", "id": "CVE-2021-34323" }, { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "NVD", "id": "CVE-2021-34323" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-918" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds writing and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13419 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34323" }, { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "ZDI", "id": "ZDI-21-861" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34323" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34323", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-861", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009282", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13419", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-918", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34323", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-861" }, { "db": "VULMON", "id": "CVE-2021-34323" }, { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "NVD", "id": "CVE-2021-34323" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-918" } ] }, "id": "VAR-202107-1418", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:48:28Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156611" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-861" }, { "db": "VULMON", "id": "CVE-2021-34323" }, { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "CNNVD", "id": "CNNVD-202107-918" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "NVD", "id": "CVE-2021-34323" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-861/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34323" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-861" }, { "db": "VULMON", "id": "CVE-2021-34323" }, { "db": "JVNDB", "id": "JVNDB-2021-009282" }, { "db": "NVD", "id": "CVE-2021-34323" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-918" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-861", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34323", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009282", "ident": null }, { "db": "NVD", "id": "CVE-2021-34323", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-918", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-861", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34323", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009282", "ident": null }, { "date": "2021-07-13T11:15:12.687000", "db": "NVD", "id": "CVE-2021-34323", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-918", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-861", "ident": null }, { "date": "2021-07-27T00:00:00", "db": "VULMON", "id": "CVE-2021-34323", "ident": null }, { "date": "2022-04-19T09:39:00", "db": "JVNDB", "id": "JVNDB-2021-009282", "ident": null }, { "date": "2021-07-27T16:21:17.883000", "db": "NVD", "id": "CVE-2021-34323", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-918", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-918" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009282" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202107-1379
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13024 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-852" }, { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "NVD", "id": "CVE-2021-34295" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34295" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-852" } ], "trust": 0.7 }, "cve": "CVE-2021-34295", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34295", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34295", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34295", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34295", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34295", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-867", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34295", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-852" }, { "db": "VULMON", "id": "CVE-2021-34295" }, { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "NVD", "id": "CVE-2021-34295" }, { "db": "CNNVD", "id": "CNNVD-202107-867" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13024 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34295" }, { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "ZDI", "id": "ZDI-21-852" }, { "db": "VULMON", "id": "CVE-2021-34295" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34295", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-852", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009344", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13024", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-867", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34295", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-852" }, { "db": "VULMON", "id": "CVE-2021-34295" }, { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "NVD", "id": "CVE-2021-34295" }, { "db": "CNNVD", "id": "CNNVD-202107-867" } ] }, "id": "VAR-202107-1379", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:11:33.414000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156560" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-852" }, { "db": "VULMON", "id": "CVE-2021-34295" }, { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "CNNVD", "id": "CNNVD-202107-867" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "NVD", "id": "CVE-2021-34295" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-852/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34295" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-852" }, { "db": "VULMON", "id": "CVE-2021-34295" }, { "db": "JVNDB", "id": "JVNDB-2021-009344" }, { "db": "NVD", "id": "CVE-2021-34295" }, { "db": "CNNVD", "id": "CNNVD-202107-867" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-852", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34295", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009344", "ident": null }, { "db": "NVD", "id": "CVE-2021-34295", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-867", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-852", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34295", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009344", "ident": null }, { "date": "2021-07-13T11:15:10.533000", "db": "NVD", "id": "CVE-2021-34295", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-867", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-852", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34295", "ident": null }, { "date": "2022-04-20T09:06:00", "db": "JVNDB", "id": "JVNDB-2021-009344", "ident": null }, { "date": "2021-07-27T16:26:27.573000", "db": "NVD", "id": "CVE-2021-34295", "ident": null }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-867", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-867" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009344" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-867" } ], "trust": 0.6 } }
var-202107-1381
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13059 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-832" }, { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "NVD", "id": "CVE-2021-34297" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34297" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-832" } ], "trust": 0.7 }, "cve": "CVE-2021-34297", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34297", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34297", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34297", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34297", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34297", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-872", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34297", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-832" }, { "db": "VULMON", "id": "CVE-2021-34297" }, { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "NVD", "id": "CVE-2021-34297" }, { "db": "CNNVD", "id": "CNNVD-202107-872" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13059 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2021-34297" }, { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "ZDI", "id": "ZDI-21-832" }, { "db": "VULMON", "id": "CVE-2021-34297" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34297", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-832", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009342", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13059", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-872", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34297", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-832" }, { "db": "VULMON", "id": "CVE-2021-34297" }, { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "NVD", "id": "CVE-2021-34297" }, { "db": "CNNVD", "id": "CNNVD-202107-872" } ] }, "id": "VAR-202107-1381", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:03:55.663000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156565" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-832" }, { "db": "VULMON", "id": "CVE-2021-34297" }, { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "CNNVD", "id": "CNNVD-202107-872" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "NVD", "id": "CVE-2021-34297" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-832/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34297" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-832" }, { "db": "VULMON", "id": "CVE-2021-34297" }, { "db": "JVNDB", "id": "JVNDB-2021-009342" }, { "db": "NVD", "id": "CVE-2021-34297" }, { "db": "CNNVD", "id": "CNNVD-202107-872" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-832", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34297", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009342", "ident": null }, { "db": "NVD", "id": "CVE-2021-34297", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-872", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-832", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34297", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009342", "ident": null }, { "date": "2021-07-13T11:15:10.673000", "db": "NVD", "id": "CVE-2021-34297", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-872", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-832", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34297", "ident": null }, { "date": "2022-04-20T09:04:00", "db": "JVNDB", "id": "JVNDB-2021-009342", "ident": null }, { "date": "2021-07-27T14:11:02.460000", "db": "NVD", "id": "CVE-2021-34297", "ident": null }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-872", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-872" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009342" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-872" } ], "trust": 0.6 } }
var-202107-1385
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196). JT2Go and Teamcenter Visualization There is a vulnerability related to input verification and a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-13196 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-873" }, { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "NVD", "id": "CVE-2021-34301" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34301" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-873" } ], "trust": 0.7 }, "cve": "CVE-2021-34301", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34301", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34301", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34301", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34301", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34301", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-876", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34301", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-873" }, { "db": "VULMON", "id": "CVE-2021-34301" }, { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "NVD", "id": "CVE-2021-34301" }, { "db": "CNNVD", "id": "CNNVD-202107-876" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196). JT2Go and Teamcenter Visualization There is a vulnerability related to input verification and a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-13196 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object", "sources": [ { "db": "NVD", "id": "CVE-2021-34301" }, { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "ZDI", "id": "ZDI-21-873" }, { "db": "VULMON", "id": "CVE-2021-34301" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34301", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-873", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009337", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13196", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-876", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34301", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-873" }, { "db": "VULMON", "id": "CVE-2021-34301" }, { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "NVD", "id": "CVE-2021-34301" }, { "db": "CNNVD", "id": "CNNVD-202107-876" } ] }, "id": "VAR-202107-1385", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:52:23.940000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156569" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-873" }, { "db": "VULMON", "id": "CVE-2021-34301" }, { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "CNNVD", "id": "CNNVD-202107-876" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "NVD", "id": "CVE-2021-34301" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-873/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34301" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-873" }, { "db": "VULMON", "id": "CVE-2021-34301" }, { "db": "JVNDB", "id": "JVNDB-2021-009337" }, { "db": "NVD", "id": "CVE-2021-34301" }, { "db": "CNNVD", "id": "CNNVD-202107-876" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-873", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34301", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009337", "ident": null }, { "db": "NVD", "id": "CVE-2021-34301", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-876", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-873", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34301", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009337", "ident": null }, { "date": "2021-07-13T11:15:10.987000", "db": "NVD", "id": "CVE-2021-34301", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-876", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-873", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34301", "ident": null }, { "date": "2022-04-20T09:02:00", "db": "JVNDB", "id": "JVNDB-2021-009337", "ident": null }, { "date": "2021-07-27T14:27:43.933000", "db": "NVD", "id": "CVE-2021-34301", "ident": null }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-876", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-876" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009337" } ], "trust": 0.8 }, "type": { "_id": null, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-876" } ], "trust": 0.6 } }
var-202205-0955
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0955", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29031" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.1", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29031" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3135" } ], "trust": 0.6 }, "cve": "CVE-2022-29031", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29031", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202205-3135", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29031" }, { "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2022-29031" }, { "db": "VULMON", "id": "CVE-2022-29031" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29031", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-553086", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-132-09", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2350", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-3135", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29031", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29031" }, { "db": "NVD", "id": "CVE-2022-29031" }, { "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "id": "VAR-202205-0955", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:56:05.436000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2GO and Siemens Teamcenter Visualization Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194235" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29031" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29031/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2350" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051211" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29031" }, { "db": "NVD", "id": "CVE-2022-29031" }, { "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29031" }, { "db": "NVD", "id": "CVE-2022-29031" }, { "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T13:15:15.697000", "db": "NVD", "id": "CVE-2022-29031" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-26T22:53:12.673000", "db": "NVD", "id": "CVE-2022-29031" }, { "date": "2022-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3135" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3135" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2GO and Siemens Teamcenter Visualization Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3135" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3135" } ], "trust": 0.6 } }
var-202112-0806
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition. JT2Go and Teamcenter Visualization Exists in the use of uninitialized variables.Service operation interruption (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0806", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.5" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "NVD", "id": "CVE-2021-44003" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44003" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1194" } ], "trust": 0.6 }, "cve": "CVE-2021-44003", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-44003", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-44003", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44003", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1194", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "NVD", "id": "CVE-2021-44003" }, { "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition. JT2Go and Teamcenter Visualization Exists in the use of uninitialized variables.Service operation interruption (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2021-44003" }, { "db": "JVNDB", "id": "JVNDB-2021-010935" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44003", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU96592426", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-010935", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1194", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "NVD", "id": "CVE-2021-44003" }, { "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "id": "VAR-202112-0806", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:28:55.669000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-595101", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "title": "Siemens Jt2go Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175268" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-908", "trust": 1.0 }, { "problemtype": "Use of uninitialized variables (CWE-457) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "NVD", "id": "CVE-2021-44003" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44003" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96592426/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "NVD", "id": "CVE-2021-44003" }, { "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "db": "NVD", "id": "CVE-2021-44003" }, { "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "date": "2021-12-14T12:15:10.197000", "db": "NVD", "id": "CVE-2021-44003" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-12T07:03:00", "db": "JVNDB", "id": "JVNDB-2021-010935" }, { "date": "2022-07-25T10:38:59.030000", "db": "NVD", "id": "CVE-2021-44003" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1194" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1194" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability in using uninitialized variables in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010935" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1194" } ], "trust": 0.6 } }
var-202309-0580
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of validating the existence of an object prior to performing operations on the object
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0580", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2201.0" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" }, { "db": "NVD", "id": "CVE-2023-38075" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" } ], "trust": 0.7 }, "cve": "CVE-2023-38075", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38075", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38075", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-38075", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-38075", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2023-38075", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" }, { "db": "NVD", "id": "CVE-2023-38075" }, { "db": "NVD", "id": "CVE-2023-38075" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of validating the existence of an object prior to performing operations on the object", "sources": [ { "db": "NVD", "id": "CVE-2023-38075" }, { "db": "ZDI", "id": "ZDI-23-1626" }, { "db": "VULMON", "id": "CVE-2023-38075" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38075", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-20842", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1626", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38075", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" }, { "db": "VULMON", "id": "CVE-2023-38075" }, { "db": "NVD", "id": "CVE-2023-38075" } ] }, "id": "VAR-202309-0580", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T12:07:52.891000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38075" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" }, { "db": "VULMON", "id": "CVE-2023-38075" }, { "db": "NVD", "id": "CVE-2023-38075" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1626" }, { "db": "VULMON", "id": "CVE-2023-38075" }, { "db": "NVD", "id": "CVE-2023-38075" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1626" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38075" }, { "date": "2023-09-12T10:15:28.630000", "db": "NVD", "id": "CVE-2023-38075" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1626" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38075" }, { "date": "2024-01-25T02:23:00.527000", "db": "NVD", "id": "CVE-2023-38075" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Tecnomatix Plant Simulation WRL File Parsing Use-After-Free Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-1626" } ], "trust": 0.7 } }
var-202101-0344
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11900 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
JT2Go and Teamcenter Visualization has an unspecified vulnerability
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-054" }, { "db": "CNVD", "id": "CNVD-2021-02588" }, { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "NVD", "id": "CVE-2020-26983" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-054" } ], "trust": 0.7 }, "cve": "CVE-2020-26983", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26983", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02588", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26983", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26983", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26983", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26983", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26983", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26983", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02588", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-852", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-054" }, { "db": "CNVD", "id": "CNVD-2021-02588" }, { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "CNNVD", "id": "CNNVD-202101-852" }, { "db": "NVD", "id": "CVE-2020-26983" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11900 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nJT2Go and Teamcenter Visualization has an unspecified vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2020-26983" }, { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "ZDI", "id": "ZDI-21-054" }, { "db": "CNVD", "id": "CNVD-2021-02588" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26983", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-054", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015265", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11900", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-852", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-054" }, { "db": "CNVD", "id": "CNVD-2021-02588" }, { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "CNNVD", "id": "CNNVD-202101-852" }, { "db": "NVD", "id": "CVE-2020-26983" } ] }, "id": "VAR-202101-0344", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02588" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02588" } ] }, "last_update_date": "2024-11-23T21:22:00.173000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for Unspecified vulnerability exists in JT2Go and Teamcenter Visualization (CNVD-2021-02588)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/244000" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139363" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-054" }, { "db": "CNVD", "id": "CNVD-2021-02588" }, { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "CNNVD", "id": "CNNVD-202101-852" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "NVD", "id": "CVE-2020-26983" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-054/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26983" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-054" }, { "db": "CNVD", "id": "CNVD-2021-02588" }, { "db": "JVNDB", "id": "JVNDB-2020-015265" }, { "db": "CNNVD", "id": "CNNVD-202101-852" }, { "db": "NVD", "id": "CVE-2020-26983" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-054", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02588", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015265", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-852", "ident": null }, { "db": "NVD", "id": "CVE-2020-26983", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-054", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02588", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015265", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-852", "ident": null }, { "date": "2021-01-12T21:15:16.823000", "db": "NVD", "id": "CVE-2020-26983", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-054", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02588", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015265", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-852", "ident": null }, { "date": "2024-11-21T05:20:37.530000", "db": "NVD", "id": "CVE-2020-26983", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-852" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015265" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-852" } ], "trust": 0.6 } }
var-202202-0153
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053). Zero Day Initiative To this vulnerability ZDI-CAN-15053 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0153", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.1" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2022" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.9" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.3.0.1" }, { "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "NVD", "id": "CVE-2021-44000" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.1", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:13.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44000" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "CNNVD", "id": "CNNVD-202202-809" } ], "trust": 1.3 }, "cve": "CVE-2021-44000", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44000", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44000", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44000", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44000", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-44000", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-809", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "NVD", "id": "CVE-2021-44000" }, { "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053). Zero Day Initiative To this vulnerability ZDI-CAN-15053 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer", "sources": [ { "db": "NVD", "id": "CVE-2021-44000" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "ZDI", "id": "ZDI-22-335" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44000", "trust": 3.9 }, { "db": "ZDI", "id": "ZDI-22-335", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-301589", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-041-07", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-018312", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15053", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022021110", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-809", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "NVD", "id": "CVE-2021-44000" }, { "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "id": "VAR-202202-0153", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:26:01.358000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-301589", "trust": 1.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "title": "Siemens Solid Edge Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185272" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "NVD", "id": "CVE-2021-44000" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-335/" }, { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44000" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021110" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "NVD", "id": "CVE-2021-44000" }, { "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-335" }, { "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "db": "NVD", "id": "CVE-2021-44000" }, { "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-335" }, { "date": "2023-05-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "date": "2022-02-09T16:15:14.107000", "db": "NVD", "id": "CVE-2021-44000" }, { "date": "2022-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-335" }, { "date": "2023-05-16T08:56:00", "db": "JVNDB", "id": "JVNDB-2021-018312" }, { "date": "2022-06-14T10:15:18.087000", "db": "NVD", "id": "CVE-2021-44000" }, { "date": "2022-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-809" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-809" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018312" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-809" } ], "trust": 0.6 } }
var-202106-1189
Vulnerability from variot
Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. A buffer error vulnerability exists in the Drawings SDK that arises from a boundary condition. Affected products and versions are as follows: Drawings SDK: Before 2022.4
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "drawing sdk", "scope": null, "trust": 1.4, "vendor": "open design alliance oda", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "drawings sdk", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "solid edge viewer", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-135" }, { "db": "ZDI", "id": "ZDI-23-129" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32938" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "CNNVD", "id": "CNNVD-202106-686" } ], "trust": 2.0 }, "cve": "CVE-2021-32938", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32938", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392924", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-32938", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32938", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32938", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "Low", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32938", "trust": 1.4, "value": "LOW" }, { "author": "ZDI", "id": "CVE-2021-32938", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32938", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-686", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392924", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32938", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-135" }, { "db": "ZDI", "id": "ZDI-23-129" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "VULHUB", "id": "VHN-392924" }, { "db": "VULMON", "id": "CVE-2021-32938" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-686" }, { "db": "NVD", "id": "CVE-2021-32938" } ] }, "description": { "_id": null, "data": "Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. A buffer error vulnerability exists in the Drawings SDK that arises from a boundary condition. Affected products and versions are as follows: Drawings SDK: Before 2022.4", "sources": [ { "db": "NVD", "id": "CVE-2021-32938" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-135" }, { "db": "ZDI", "id": "ZDI-23-129" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392924" }, { "db": "VULMON", "id": "CVE-2021-32938" } ], "trust": 4.86 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32938", "trust": 6.2 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-980", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-491245", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13378", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19161", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-135", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19146", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-129", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19073", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-207", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0960", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060909", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-686", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392924", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32938", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-135" }, { "db": "ZDI", "id": "ZDI-23-129" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "VULHUB", "id": "VHN-392924" }, { "db": "VULMON", "id": "CVE-2021-32938" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-686" }, { "db": "NVD", "id": "CVE-2021-32938" } ] }, "id": "VAR-202106-1189", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392924" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:49:08.011000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=154863" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-135" }, { "db": "ZDI", "id": "ZDI-23-129" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "VULMON", "id": "CVE-2021-32938" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-686" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392924" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32938" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-980/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" }, { "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0960" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-155599.txt" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-980" }, { "db": "ZDI", "id": "ZDI-23-135" }, { "db": "ZDI", "id": "ZDI-23-129" }, { "db": "ZDI", "id": "ZDI-23-207" }, { "db": "VULHUB", "id": "VHN-392924" }, { "db": "VULMON", "id": "CVE-2021-32938" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-686" }, { "db": "NVD", "id": "CVE-2021-32938" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-980", "ident": null }, { "db": "ZDI", "id": "ZDI-23-135", "ident": null }, { "db": "ZDI", "id": "ZDI-23-129", "ident": null }, { "db": "ZDI", "id": "ZDI-23-207", "ident": null }, { "db": "VULHUB", "id": "VHN-392924", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32938", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-686", "ident": null }, { "db": "NVD", "id": "CVE-2021-32938", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-980", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-135", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-129", "ident": null }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-207", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392924", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32938", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-686", "ident": null }, { "date": "2021-06-17T13:15:07.837000", "db": "NVD", "id": "CVE-2021-32938", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-980", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-135", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-129", "ident": null }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-207", "ident": null }, { "date": "2023-02-14T00:00:00", "db": "VULHUB", "id": "VHN-392924", "ident": null }, { "date": "2023-02-14T00:00:00", "db": "VULMON", "id": "CVE-2021-32938", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2023-02-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-686", "ident": null }, { "date": "2023-02-14T12:15:11.073000", "db": "NVD", "id": "CVE-2021-32938", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-686" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202101-0347
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12014 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-057" }, { "db": "CNVD", "id": "CNVD-2021-02585" }, { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "NVD", "id": "CVE-2020-26986" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-057" } ], "trust": 0.7 }, "cve": "CVE-2020-26986", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26986", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02585", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26986", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26986", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26986", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26986", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26986", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26986", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02585", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-850", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-057" }, { "db": "CNVD", "id": "CNVD-2021-02585" }, { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "CNNVD", "id": "CNNVD-202101-850" }, { "db": "NVD", "id": "CVE-2020-26986" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12014 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26986" }, { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "ZDI", "id": "ZDI-21-057" }, { "db": "CNVD", "id": "CNVD-2021-02585" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26986", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-057", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015268", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12014", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02585", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-850", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-057" }, { "db": "CNVD", "id": "CNVD-2021-02585" }, { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "CNNVD", "id": "CNNVD-202101-850" }, { "db": "NVD", "id": "CVE-2020-26986" } ] }, "id": "VAR-202101-0347", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02585" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02585" } ] }, "last_update_date": "2024-11-23T21:05:14.135000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for JT2Go and Teamcenter Visualization heap buffer overflow vulnerability (CNVD-2021-02585)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243991" }, { "title": "Siemens Jt2go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139361" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-057" }, { "db": "CNVD", "id": "CNVD-2021-02585" }, { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "CNNVD", "id": "CNNVD-202101-850" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "NVD", "id": "CVE-2020-26986" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-057/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26986" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-057" }, { "db": "CNVD", "id": "CNVD-2021-02585" }, { "db": "JVNDB", "id": "JVNDB-2020-015268" }, { "db": "CNNVD", "id": "CNNVD-202101-850" }, { "db": "NVD", "id": "CVE-2020-26986" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-057", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02585", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015268", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-850", "ident": null }, { "db": "NVD", "id": "CVE-2020-26986", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-057", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02585", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015268", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-850", "ident": null }, { "date": "2021-01-12T21:15:16.997000", "db": "NVD", "id": "CVE-2020-26986", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-057", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02585", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015268", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-850", "ident": null }, { "date": "2024-11-21T05:20:37.863000", "db": "NVD", "id": "CVE-2020-26986", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-850" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015268" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-850" } ], "trust": 0.6 } }
var-202107-1416
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13414 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of J2K files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-858" }, { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "NVD", "id": "CVE-2021-34321" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34321" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-858" } ], "trust": 0.7 }, "cve": "CVE-2021-34321", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34321", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34321", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34321", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34321", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34321", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-910", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34321", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-858" }, { "db": "VULMON", "id": "CVE-2021-34321" }, { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "NVD", "id": "CVE-2021-34321" }, { "db": "CNNVD", "id": "CNNVD-202107-910" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13414 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of J2K files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34321" }, { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "ZDI", "id": "ZDI-21-858" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34321" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34321", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-858", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009284", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13414", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-910", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34321", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-858" }, { "db": "VULMON", "id": "CVE-2021-34321" }, { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "NVD", "id": "CVE-2021-34321" }, { "db": "CNNVD", "id": "CNNVD-202107-910" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1416", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:33:27.861000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156603" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34321 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-858" }, { "db": "VULMON", "id": "CVE-2021-34321" }, { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "CNNVD", "id": "CNNVD-202107-910" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "NVD", "id": "CVE-2021-34321" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-858/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34321" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34321" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-858" }, { "db": "VULMON", "id": "CVE-2021-34321" }, { "db": "JVNDB", "id": "JVNDB-2021-009284" }, { "db": "NVD", "id": "CVE-2021-34321" }, { "db": "CNNVD", "id": "CNNVD-202107-910" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-858", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34321", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009284", "ident": null }, { "db": "NVD", "id": "CVE-2021-34321", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-910", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-858", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34321", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009284", "ident": null }, { "date": "2021-07-13T11:15:12.530000", "db": "NVD", "id": "CVE-2021-34321", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-910", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-858", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34321", "ident": null }, { "date": "2022-04-19T09:42:00", "db": "JVNDB", "id": "JVNDB-2021-009284", "ident": null }, { "date": "2022-10-07T20:47:36.367000", "db": "NVD", "id": "CVE-2021-34321", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-910", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-910" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009284" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-910" } ], "trust": 0.6 } }
var-202107-1386
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13197 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-847" }, { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "NVD", "id": "CVE-2021-34302" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34302" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-847" } ], "trust": 0.7 }, "cve": "CVE-2021-34302", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34302", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34302", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34302", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34302", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34302", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-877", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34302", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-847" }, { "db": "VULMON", "id": "CVE-2021-34302" }, { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "NVD", "id": "CVE-2021-34302" }, { "db": "CNNVD", "id": "CNNVD-202107-877" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13197 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2021-34302" }, { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "ZDI", "id": "ZDI-21-847" }, { "db": "VULMON", "id": "CVE-2021-34302" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34302", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-847", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009336", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13197", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-877", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34302", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-847" }, { "db": "VULMON", "id": "CVE-2021-34302" }, { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "NVD", "id": "CVE-2021-34302" }, { "db": "CNNVD", "id": "CNNVD-202107-877" } ] }, "id": "VAR-202107-1386", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:00:26.717000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156570" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34302 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-847" }, { "db": "VULMON", "id": "CVE-2021-34302" }, { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "CNNVD", "id": "CNNVD-202107-877" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "NVD", "id": "CVE-2021-34302" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-847/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34302" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34302" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-847" }, { "db": "VULMON", "id": "CVE-2021-34302" }, { "db": "JVNDB", "id": "JVNDB-2021-009336" }, { "db": "NVD", "id": "CVE-2021-34302" }, { "db": "CNNVD", "id": "CNNVD-202107-877" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-847", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34302", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009336", "ident": null }, { "db": "NVD", "id": "CVE-2021-34302", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-877", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-847", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34302", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009336", "ident": null }, { "date": "2021-07-13T11:15:11.063000", "db": "NVD", "id": "CVE-2021-34302", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-877", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-847", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34302", "ident": null }, { "date": "2022-04-20T09:01:00", "db": "JVNDB", "id": "JVNDB-2021-009336", "ident": null }, { "date": "2022-10-07T20:48:05.497000", "db": "NVD", "id": "CVE-2021-34302", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-877", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-877" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009336" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-877" } ], "trust": 0.6 } }
var-202202-0004
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112). Zero Day Initiative To this vulnerability ZDI-CAN-15112 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Crafted data in a PAR file can trigger a read past the end of an allocated buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0004", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.1" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2022" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.9" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.7" }, { "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.3.0.1" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "NVD", "id": "CVE-2021-44018" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.1", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:13.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44018" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "CNNVD", "id": "CNNVD-202202-811" } ], "trust": 1.3 }, "cve": "CVE-2021-44018", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44018", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44018", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44018", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44018", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-44018", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-811", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "NVD", "id": "CVE-2021-44018" }, { "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112). Zero Day Initiative To this vulnerability ZDI-CAN-15112 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Crafted data in a PAR file can trigger a read past the end of an allocated buffer", "sources": [ { "db": "NVD", "id": "CVE-2021-44018" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "ZDI", "id": "ZDI-22-340" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44018", "trust": 3.9 }, { "db": "ZDI", "id": "ZDI-22-340", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-301589", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-041-07", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-005255", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15112", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022021110", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-811", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "NVD", "id": "CVE-2021-44018" }, { "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "id": "VAR-202202-0004", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:54:57.508000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-301589", "trust": 1.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "title": "Siemens Solid Edge Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182465" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "NVD", "id": "CVE-2021-44018" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-340/" }, { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44018" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021110" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "NVD", "id": "CVE-2021-44018" }, { "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-340" }, { "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "db": "NVD", "id": "CVE-2021-44018" }, { "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-340" }, { "date": "2023-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "date": "2022-02-09T16:15:14.210000", "db": "NVD", "id": "CVE-2021-44018" }, { "date": "2022-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-340" }, { "date": "2023-05-24T07:55:00", "db": "JVNDB", "id": "JVNDB-2022-005255" }, { "date": "2022-06-14T10:15:18.273000", "db": "NVD", "id": "CVE-2021-44018" }, { "date": "2022-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-811" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-811" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005255" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-811" } ], "trust": 0.6 } }
var-202101-0345
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11972 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
JT2Go and Teamcenter Visualization has an unspecified vulnerability
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-051" }, { "db": "CNVD", "id": "CNVD-2021-02587" }, { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "NVD", "id": "CVE-2020-26984" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-051" } ], "trust": 0.7 }, "cve": "CVE-2020-26984", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26984", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02587", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26984", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26984", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26984", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26984", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26984", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26984", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02587", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-851", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-051" }, { "db": "CNVD", "id": "CNVD-2021-02587" }, { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "CNNVD", "id": "CNNVD-202101-851" }, { "db": "NVD", "id": "CVE-2020-26984" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11972 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nJT2Go and Teamcenter Visualization has an unspecified vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2020-26984" }, { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "ZDI", "id": "ZDI-21-051" }, { "db": "CNVD", "id": "CNVD-2021-02587" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26984", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-051", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015266", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11972", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02587", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-851", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-051" }, { "db": "CNVD", "id": "CNVD-2021-02587" }, { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "CNNVD", "id": "CNNVD-202101-851" }, { "db": "NVD", "id": "CVE-2020-26984" } ] }, "id": "VAR-202101-0345", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02587" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02587" } ] }, "last_update_date": "2024-11-23T19:46:27.381000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for Unspecified vulnerability exists in JT2Go and Teamcenter Visualization (CNVD-2021-02587)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243997" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139362" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-051" }, { "db": "CNVD", "id": "CNVD-2021-02587" }, { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "CNNVD", "id": "CNNVD-202101-851" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "NVD", "id": "CVE-2020-26984" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-051/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26984" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-051" }, { "db": "CNVD", "id": "CNVD-2021-02587" }, { "db": "JVNDB", "id": "JVNDB-2020-015266" }, { "db": "CNNVD", "id": "CNNVD-202101-851" }, { "db": "NVD", "id": "CVE-2020-26984" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-051", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02587", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015266", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-851", "ident": null }, { "db": "NVD", "id": "CVE-2020-26984", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-051", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02587", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015266", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-851", "ident": null }, { "date": "2021-01-12T21:15:16.870000", "db": "NVD", "id": "CVE-2020-26984", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-051", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02587", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015266", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-851", "ident": null }, { "date": "2024-11-21T05:20:37.640000", "db": "NVD", "id": "CVE-2020-26984", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-851" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015266" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-851" } ], "trust": 0.6 } }
var-202102-0321
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018). JT2Go and Teamcenter Visualization Is vulnerable to a buffer error. Zero Day Initiative To this vulnerability ZDI-CAN-12018 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-237" }, { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "NVD", "id": "CVE-2020-27000" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27000" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-237" } ], "trust": 0.7 }, "cve": "CVE-2020-27000", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27000", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27000", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-27000", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27000", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-27000", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-874", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-237" }, { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "NVD", "id": "CVE-2020-27000" }, { "db": "CNNVD", "id": "CNNVD-202102-874" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018). JT2Go and Teamcenter Visualization Is vulnerable to a buffer error. Zero Day Initiative To this vulnerability ZDI-CAN-12018 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2020-27000" }, { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "ZDI", "id": "ZDI-21-237" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27000", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-237", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015930", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12018", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-874", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-237" }, { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "NVD", "id": "CVE-2020-27000" }, { "db": "CNNVD", "id": "CNNVD-202102-874" } ] }, "id": "VAR-202102-0321", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:27:24.516000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141295" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-237" }, { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "CNNVD", "id": "CNNVD-202102-874" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "NVD", "id": "CVE-2020-27000" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-237/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27000" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-237" }, { "db": "JVNDB", "id": "JVNDB-2020-015930" }, { "db": "NVD", "id": "CVE-2020-27000" }, { "db": "CNNVD", "id": "CNNVD-202102-874" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-237", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015930", "ident": null }, { "db": "NVD", "id": "CVE-2020-27000", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-874", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-237", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015930", "ident": null }, { "date": "2021-02-09T17:15:13.920000", "db": "NVD", "id": "CVE-2020-27000", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-874", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-237", "ident": null }, { "date": "2021-10-25T07:06:00", "db": "JVNDB", "id": "JVNDB-2020-015930", "ident": null }, { "date": "2021-10-18T12:51:47.590000", "db": "NVD", "id": "CVE-2020-27000", "ident": null }, { "date": "2021-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-874", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-874" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Buffer Error Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015930" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-874" } ], "trust": 0.6 } }
var-202211-0308
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0308", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.3" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "db": "NVD", "id": "CVE-2022-41662" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.7", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41662" } ] }, "cve": "CVE-2022-41662", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-41662", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41662", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-41662", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2315", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "db": "NVD", "id": "CVE-2022-41662" }, { "db": "NVD", "id": "CVE-2022-41662" }, { "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41662" }, { "db": "JVNDB", "id": "JVNDB-2022-022822" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41662", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-120378", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-314-09", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93762879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022822", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202211-2315", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "db": "NVD", "id": "CVE-2022-41662" }, { "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "id": "VAR-202211-0308", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:32:53.926000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213369" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "db": "NVD", "id": "CVE-2022-41662" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41662" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93762879/" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41662/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "db": "NVD", "id": "CVE-2022-41662" }, { "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "db": "NVD", "id": "CVE-2022-41662" }, { "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "date": "2022-11-08T11:15:11.690000", "db": "NVD", "id": "CVE-2022-41662" }, { "date": "2022-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T01:47:00", "db": "JVNDB", "id": "JVNDB-2022-022822" }, { "date": "2023-06-13T09:15:15.177000", "db": "NVD", "id": "CVE-2022-41662" }, { "date": "2023-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2315" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2315" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022822" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2315" } ], "trust": 0.6 } }
var-202102-0320
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12042 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.2" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-239" }, { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "NVD", "id": "CVE-2020-26999" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-26999" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "CNNVD", "id": "CNNVD-202102-873" } ], "trust": 1.3 }, "cve": "CVE-2020-26999", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-26999", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26999", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26999", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-26999", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-26999", "trust": 1.4, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-873", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-26999", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-239" }, { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "VULMON", "id": "CVE-2020-26999" }, { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "NVD", "id": "CVE-2020-26999" }, { "db": "CNNVD", "id": "CNNVD-202102-873" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12042 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files", "sources": [ { "db": "NVD", "id": "CVE-2020-26999" }, { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "ZDI", "id": "ZDI-21-239" }, { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "VULMON", "id": "CVE-2020-26999" } ], "trust": 2.97 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26999", "trust": 3.9 }, { "db": "ZDI", "id": "ZDI-21-239", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-860", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-695540", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-015931", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12042", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13418", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.1836", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-147-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-873", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-26999", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-239" }, { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "VULMON", "id": "CVE-2020-26999" }, { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "NVD", "id": "CVE-2020-26999" }, { "db": "CNNVD", "id": "CNNVD-202102-873" } ] }, "id": "VAR-202102-0320", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:15:24.020000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": " https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141294" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=22012358d4c381f4f14edecd2684a63a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-239" }, { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "VULMON", "id": "CVE-2020-26999" }, { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "CNNVD", "id": "CNNVD-202102-873" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "NVD", "id": "CVE-2020-26999" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-239/" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-860/" }, { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26999" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1836" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-239" }, { "db": "ZDI", "id": "ZDI-21-860" }, { "db": "VULMON", "id": "CVE-2020-26999" }, { "db": "JVNDB", "id": "JVNDB-2020-015931" }, { "db": "NVD", "id": "CVE-2020-26999" }, { "db": "CNNVD", "id": "CNNVD-202102-873" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-239", "ident": null }, { "db": "ZDI", "id": "ZDI-21-860", "ident": null }, { "db": "VULMON", "id": "CVE-2020-26999", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015931", "ident": null }, { "db": "NVD", "id": "CVE-2020-26999", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-873", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-239", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-860", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "VULMON", "id": "CVE-2020-26999", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015931", "ident": null }, { "date": "2021-02-09T17:15:13.843000", "db": "NVD", "id": "CVE-2020-26999", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-873", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-08T00:00:00", "db": "ZDI", "id": "ZDI-21-239", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-860", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2020-26999", "ident": null }, { "date": "2021-10-25T07:17:00", "db": "JVNDB", "id": "JVNDB-2020-015931", "ident": null }, { "date": "2022-02-22T14:17:16.100000", "db": "NVD", "id": "CVE-2020-26999", "ident": null }, { "date": "2021-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-873", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-873" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015931" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-873" } ], "trust": 0.6 } }
var-202101-0341
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881). JT2Go and Teamcenter Visualization Exists in a mistyped vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11881 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-046" }, { "db": "CNVD", "id": "CNVD-2021-02591" }, { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "NVD", "id": "CVE-2020-26980" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-046" } ], "trust": 0.7 }, "cve": "CVE-2020-26980", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26980", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02591", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26980", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26980", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26980", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26980", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26980", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26980", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02591", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-924", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-046" }, { "db": "CNVD", "id": "CNVD-2021-02591" }, { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "CNNVD", "id": "CNNVD-202101-924" }, { "db": "NVD", "id": "CVE-2020-26980" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881). JT2Go and Teamcenter Visualization Exists in a mistyped vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11881 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26980" }, { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "ZDI", "id": "ZDI-21-046" }, { "db": "CNVD", "id": "CNVD-2021-02591" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26980", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-046", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015262", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11881", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02591", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-924", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-046" }, { "db": "CNVD", "id": "CNVD-2021-02591" }, { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "CNNVD", "id": "CNNVD-202101-924" }, { "db": "NVD", "id": "CVE-2020-26980" } ] }, "id": "VAR-202101-0341", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02591" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02591" } ] }, "last_update_date": "2024-11-23T19:33:08.785000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for JT2Go and Teamcenter Visualization access resource incompatibility vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/244009" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139397" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-046" }, { "db": "CNVD", "id": "CNVD-2021-02591" }, { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "CNNVD", "id": "CNNVD-202101-924" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-843", "trust": 1.0 }, { "problemtype": "Wrong type (CWE-843) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "NVD", "id": "CVE-2020-26980" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-046/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26980" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-046" }, { "db": "CNVD", "id": "CNVD-2021-02591" }, { "db": "JVNDB", "id": "JVNDB-2020-015262" }, { "db": "CNNVD", "id": "CNNVD-202101-924" }, { "db": "NVD", "id": "CVE-2020-26980" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-046", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02591", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015262", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-924", "ident": null }, { "db": "NVD", "id": "CVE-2020-26980", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-046", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02591", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015262", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-924", "ident": null }, { "date": "2021-01-12T21:15:16.620000", "db": "NVD", "id": "CVE-2020-26980", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-046", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02591", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015262", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-924", "ident": null }, { "date": "2024-11-21T05:20:37.187000", "db": "NVD", "id": "CVE-2020-26980", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-924" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability regarding mistyping in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015262" } ], "trust": 0.8 }, "type": { "_id": null, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-924" } ], "trust": 0.6 } }
var-202112-0795
Vulnerability from variot
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081). JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-15107 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0795", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt utilities", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.1.0" }, { "model": "jt open toolkit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.1.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2023" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "model": "solid edge viewer", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "NVD", "id": "CVE-2021-44014" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt_open_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "se2023", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44014" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "CNNVD", "id": "CNNVD-202112-1205" } ], "trust": 2.0 }, "cve": "CVE-2021-44014", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44014", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44014", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44014", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44014", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-44014", "trust": 1.4, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-44014", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-1205", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44014", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "VULMON", "id": "CVE-2021-44014" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "NVD", "id": "CVE-2021-44014" }, { "db": "NVD", "id": "CVE-2021-44014" }, { "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT Open (All versions \u003c V11.1.1.0), JT Utilities (All versions \u003c V13.1.1.0), Solid Edge (All versions \u003c V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081). JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-15107 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object", "sources": [ { "db": "NVD", "id": "CVE-2021-44014" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "VULMON", "id": "CVE-2021-44014" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44014", "trust": 4.7 }, { "db": "SIEMENS", "id": "SSA-936212", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-22-005", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU96592426", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU90782730", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-005656", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15057", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19081", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-090", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1205", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44014", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "VULMON", "id": "CVE-2021-44014" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "NVD", "id": "CVE-2021-44014" }, { "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "id": "VAR-202112-0795", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:58:01.037000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-595101", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html" }, { "title": "Siemens Jt2go Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=174920" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "VULMON", "id": "CVE-2021-44014" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "NVD", "id": "CVE-2021-44014" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" }, { "trust": 1.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-005/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96592426/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90782730/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44014" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "VULMON", "id": "CVE-2021-44014" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "NVD", "id": "CVE-2021-44014" }, { "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-005" }, { "db": "ZDI", "id": "ZDI-23-090" }, { "db": "VULMON", "id": "CVE-2021-44014" }, { "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "db": "NVD", "id": "CVE-2021-44014" }, { "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-005" }, { "date": "2023-01-18T00:00:00", "db": "ZDI", "id": "ZDI-23-090" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44014" }, { "date": "2021-12-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "date": "2021-12-14T12:15:10.770000", "db": "NVD", "id": "CVE-2021-44014" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-005" }, { "date": "2023-01-18T00:00:00", "db": "ZDI", "id": "ZDI-23-090" }, { "date": "2023-02-21T00:00:00", "db": "VULMON", "id": "CVE-2021-44014" }, { "date": "2023-01-16T07:40:00", "db": "JVNDB", "id": "JVNDB-2021-005656" }, { "date": "2023-02-21T18:35:00.857000", "db": "NVD", "id": "CVE-2021-44014" }, { "date": "2023-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1205" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1205" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability in using free memory in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-005656" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1205" } ], "trust": 0.6 } }
var-202101-0343
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11898 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CG4 and CGM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
JT2Go and Teamcenter Visualization has an unspecified vulnerability
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-052" }, { "db": "CNVD", "id": "CNVD-2021-02589" }, { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "NVD", "id": "CVE-2020-26982" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-052" } ], "trust": 0.7 }, "cve": "CVE-2020-26982", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26982", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02589", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26982", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26982", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26982", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26982", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26982", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26982", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02589", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-921", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-052" }, { "db": "CNVD", "id": "CNVD-2021-02589" }, { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "CNNVD", "id": "CNNVD-202101-921" }, { "db": "NVD", "id": "CVE-2020-26982" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11898 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CG4 and CGM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nJT2Go and Teamcenter Visualization has an unspecified vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2020-26982" }, { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "ZDI", "id": "ZDI-21-052" }, { "db": "CNVD", "id": "CNVD-2021-02589" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26982", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-052", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015264", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11898", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02589", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-921", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-052" }, { "db": "CNVD", "id": "CNVD-2021-02589" }, { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "CNNVD", "id": "CNNVD-202101-921" }, { "db": "NVD", "id": "CVE-2020-26982" } ] }, "id": "VAR-202101-0343", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02589" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02589" } ] }, "last_update_date": "2024-11-23T20:48:21.973000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for Unidentified vulnerabilities in JT2Go and Teamcenter Visualization", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/244003" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139396" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-052" }, { "db": "CNVD", "id": "CNVD-2021-02589" }, { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "CNNVD", "id": "CNNVD-202101-921" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "NVD", "id": "CVE-2020-26982" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-052/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26982" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-052" }, { "db": "CNVD", "id": "CNVD-2021-02589" }, { "db": "JVNDB", "id": "JVNDB-2020-015264" }, { "db": "CNNVD", "id": "CNNVD-202101-921" }, { "db": "NVD", "id": "CVE-2020-26982" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-052", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02589", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015264", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-921", "ident": null }, { "db": "NVD", "id": "CVE-2020-26982", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-052", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02589", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015264", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-921", "ident": null }, { "date": "2021-01-12T21:15:16.747000", "db": "NVD", "id": "CVE-2020-26982", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-052", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02589", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015264", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-921", "ident": null }, { "date": "2024-11-21T05:20:37.417000", "db": "NVD", "id": "CVE-2020-26982", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-921" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015264" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-921" } ], "trust": 0.6 } }
var-202212-1162
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1162", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "db": "NVD", "id": "CVE-2022-41285" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41285" } ] }, "cve": "CVE-2022-41285", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023185", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41285", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41285", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023185", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3107", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "db": "NVD", "id": "CVE-2022-41285" }, { "db": "NVD", "id": "CVE-2022-41285" }, { "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41285" }, { "db": "JVNDB", "id": "JVNDB-2022-023185" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41285", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023185", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3107", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "db": "NVD", "id": "CVE-2022-41285" }, { "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "id": "VAR-202212-1162", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:52:04.354000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217845" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "db": "NVD", "id": "CVE-2022-41285" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41285" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41285/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "db": "NVD", "id": "CVE-2022-41285" }, { "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "db": "NVD", "id": "CVE-2022-41285" }, { "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "date": "2022-12-13T16:15:22.887000", "db": "NVD", "id": "CVE-2022-41285" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:18:00", "db": "JVNDB", "id": "JVNDB-2022-023185" }, { "date": "2023-04-11T10:15:17.090000", "db": "NVD", "id": "CVE-2022-41285" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3107" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3107" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability in using free memory in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023185" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3107" } ], "trust": 0.6 } }
var-202212-1168
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1168", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "db": "NVD", "id": "CVE-2022-41288" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41288" } ] }, "cve": "CVE-2022-41288", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-023232", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41288", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-41288", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-023232", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-202212-3103", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "db": "NVD", "id": "CVE-2022-41288" }, { "db": "NVD", "id": "CVE-2022-41288" }, { "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41288" }, { "db": "JVNDB", "id": "JVNDB-2022-023232" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41288", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023232", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3103", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "db": "NVD", "id": "CVE-2022-41288" }, { "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "id": "VAR-202212-1168", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:49:30.638000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228954" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "db": "NVD", "id": "CVE-2022-41288" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41288" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41288/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "db": "NVD", "id": "CVE-2022-41288" }, { "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "db": "NVD", "id": "CVE-2022-41288" }, { "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "date": "2022-12-13T16:15:23.133000", "db": "NVD", "id": "CVE-2022-41288" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T03:07:00", "db": "JVNDB", "id": "JVNDB-2022-023232" }, { "date": "2023-04-11T10:15:17.383000", "db": "NVD", "id": "CVE-2022-41288" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3103" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3103" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability in resource allocation without restrictions or throttling in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023232" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3103" } ], "trust": 0.6 } }
var-202211-0309
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0309", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.3" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "db": "NVD", "id": "CVE-2022-41663" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.7", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41663" } ] }, "cve": "CVE-2022-41663", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-41663", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41663", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-41663", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2314", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "db": "NVD", "id": "CVE-2022-41663" }, { "db": "NVD", "id": "CVE-2022-41663" }, { "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41663" }, { "db": "JVNDB", "id": "JVNDB-2022-022823" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41663", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-120378", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-314-09", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93762879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022823", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202211-2314", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "db": "NVD", "id": "CVE-2022-41663" }, { "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "id": "VAR-202211-0309", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:53:12.291000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go and Teamcenter Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213368" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "db": "NVD", "id": "CVE-2022-41663" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93762879/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41663" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41663/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "db": "NVD", "id": "CVE-2022-41663" }, { "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "db": "NVD", "id": "CVE-2022-41663" }, { "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "date": "2022-11-08T11:15:11.753000", "db": "NVD", "id": "CVE-2022-41663" }, { "date": "2022-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T01:47:00", "db": "JVNDB", "id": "JVNDB-2022-022823" }, { "date": "2023-06-13T09:15:15.243000", "db": "NVD", "id": "CVE-2022-41663" }, { "date": "2023-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2314" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2314" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability in using free memory in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022823" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2314" } ], "trust": 0.6 } }
var-202205-0950
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0950", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29032" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.1", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29032" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3134" } ], "trust": 0.6 }, "cve": "CVE-2022-29032", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29032", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202205-3134", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29032" }, { "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2022-29032" }, { "db": "VULMON", "id": "CVE-2022-29032" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29032", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-553086", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-132-09", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2350", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-3134", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29032", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29032" }, { "db": "NVD", "id": "CVE-2022-29032" }, { "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "id": "VAR-202205-0950", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:56:05.382000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2GO and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192517" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-415", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29032" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29032/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2350" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051211" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29032" }, { "db": "NVD", "id": "CVE-2022-29032" }, { "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29032" }, { "db": "NVD", "id": "CVE-2022-29032" }, { "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T13:15:15.743000", "db": "NVD", "id": "CVE-2022-29032" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-26T22:45:32.993000", "db": "NVD", "id": "CVE-2022-29032" }, { "date": "2022-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3134" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3134" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2GO and Siemens Teamcenter Visualization Resource Management Error Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3134" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3134" } ], "trust": 0.6 } }
var-202101-0350
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892). Several Siemens products are vulnerable to out-of-bounds writes. Zero Day Initiative To this vulnerability ZDI-CAN-11892 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-050" }, { "db": "CNVD", "id": "CNVD-2021-02582" }, { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "NVD", "id": "CVE-2020-26989" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-050" } ], "trust": 0.7 }, "cve": "CVE-2020-26989", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26989", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02582", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26989", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26989", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26989", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26989", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26989", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26989", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02582", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-848", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-050" }, { "db": "CNVD", "id": "CNVD-2021-02582" }, { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "CNNVD", "id": "CNNVD-202101-848" }, { "db": "NVD", "id": "CVE-2020-26989" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892). Several Siemens products are vulnerable to out-of-bounds writes. Zero Day Initiative To this vulnerability ZDI-CAN-11892 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26989" }, { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "ZDI", "id": "ZDI-21-050" }, { "db": "CNVD", "id": "CNVD-2021-02582" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26989", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-050", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-979834", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015271", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11892", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02582", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-848", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-050" }, { "db": "CNVD", "id": "CNVD-2021-02582" }, { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "CNNVD", "id": "CNNVD-202101-848" }, { "db": "NVD", "id": "CVE-2020-26989" } ] }, "id": "VAR-202101-0350", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02582" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02582" } ] }, "last_update_date": "2024-11-23T21:31:23.872000Z", "patch": { "_id": null, "data": [ { "title": "SSA-979834", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for JT2Go and Teamcenter Visualization heap buffer overflow vulnerability (CNVD-2021-02582)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243982" }, { "title": "Siemens Jt2go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139359" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-050" }, { "db": "CNVD", "id": "CNVD-2021-02582" }, { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "CNNVD", "id": "CNNVD-202101-848" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "NVD", "id": "CVE-2020-26989" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-050/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26989" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-050" }, { "db": "CNVD", "id": "CNVD-2021-02582" }, { "db": "JVNDB", "id": "JVNDB-2020-015271" }, { "db": "CNNVD", "id": "CNNVD-202101-848" }, { "db": "NVD", "id": "CVE-2020-26989" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-050", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02582", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015271", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-848", "ident": null }, { "db": "NVD", "id": "CVE-2020-26989", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-050", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02582", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015271", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-848", "ident": null }, { "date": "2021-01-12T21:15:17.183000", "db": "NVD", "id": "CVE-2020-26989", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-050", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02582", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015271", "ident": null }, { "date": "2021-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-848", "ident": null }, { "date": "2024-11-21T05:20:38.207000", "db": "NVD", "id": "CVE-2020-26989", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-848" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015271" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-848" } ], "trust": 0.6 } }
var-202211-0310
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0310", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.3" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "db": "NVD", "id": "CVE-2022-41661" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.7", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41661" } ] }, "cve": "CVE-2022-41661", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-41661", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41661", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-41661", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2317", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "db": "NVD", "id": "CVE-2022-41661" }, { "db": "NVD", "id": "CVE-2022-41661" }, { "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41661" }, { "db": "JVNDB", "id": "JVNDB-2022-022821" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41661", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-120378", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-314-09", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93762879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022821", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202211-2317", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "db": "NVD", "id": "CVE-2022-41661" }, { "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "id": "VAR-202211-0310", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:58:13.445000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213371" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "db": "NVD", "id": "CVE-2022-41661" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93762879/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41661" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41661/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "db": "NVD", "id": "CVE-2022-41661" }, { "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "db": "NVD", "id": "CVE-2022-41661" }, { "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "date": "2022-11-08T11:15:11.623000", "db": "NVD", "id": "CVE-2022-41661" }, { "date": "2022-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T01:47:00", "db": "JVNDB", "id": "JVNDB-2022-022821" }, { "date": "2023-06-13T09:15:15.097000", "db": "NVD", "id": "CVE-2022-41661" }, { "date": "2023-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2317" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2317" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022821" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2317" } ], "trust": 0.6 } }
var-202211-0305
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0305", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.4" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.3" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "db": "NVD", "id": "CVE-2022-41660" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.7", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.3", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.4", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41660" } ] }, "cve": "CVE-2022-41660", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-41660", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41660", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-41660", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2316", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "db": "NVD", "id": "CVE-2022-41660" }, { "db": "NVD", "id": "CVE-2022-41660" }, { "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.7), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.3), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41660" }, { "db": "JVNDB", "id": "JVNDB-2022-022820" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41660", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-120378", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-314-09", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93762879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022820", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202211-2316", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "db": "NVD", "id": "CVE-2022-41660" }, { "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "id": "VAR-202211-0305", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:01:20.952000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213370" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "db": "NVD", "id": "CVE-2022-41660" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93762879/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41660" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41660/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "db": "NVD", "id": "CVE-2022-41660" }, { "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "db": "NVD", "id": "CVE-2022-41660" }, { "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "date": "2022-11-08T11:15:11.530000", "db": "NVD", "id": "CVE-2022-41660" }, { "date": "2022-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-21T01:47:00", "db": "JVNDB", "id": "JVNDB-2022-022820" }, { "date": "2023-06-13T09:15:15.023000", "db": "NVD", "id": "CVE-2022-41660" }, { "date": "2023-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2316" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2316" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022820" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2316" } ], "trust": 0.6 } }
var-202106-1196
Vulnerability from variot
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "_id": null, "model": "drawings sdk", "scope": "lte", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "drawing sdk", "scope": null, "trust": 0.7, "vendor": "open design alliance oda", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "ZDI", "id": "ZDI-23-123" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32952" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "CNNVD", "id": "CNNVD-202106-683" } ], "trust": 1.3 }, "cve": "CVE-2021-32952", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32952", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392938", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32952", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32952", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H \t", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32952", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32952", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-683", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392938", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32952", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "ZDI", "id": "ZDI-23-123" }, { "db": "VULHUB", "id": "VHN-392938" }, { "db": "VULMON", "id": "CVE-2021-32952" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-683" }, { "db": "NVD", "id": "CVE-2021-32952" } ] }, "description": { "_id": null, "data": "An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-32952" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "ZDI", "id": "ZDI-23-123" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392938" }, { "db": "VULMON", "id": "CVE-2021-32952" } ], "trust": 3.6 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32952", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-989", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-938030", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-23-123", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13417", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19137", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060908", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081107", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2702", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-683", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392938", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32952", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "ZDI", "id": "ZDI-23-123" }, { "db": "VULHUB", "id": "VHN-392938" }, { "db": "VULMON", "id": "CVE-2021-32952" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-683" }, { "db": "NVD", "id": "CVE-2021-32952" } ] }, "id": "VAR-202106-1196", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392938" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:59:12.484000Z", "patch": { "_id": null, "data": [ { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "title": "", "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153333" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e0bde73e6fac136c31fc4dfabb276eae" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "ZDI", "id": "ZDI-23-123" }, { "db": "VULMON", "id": "CVE-2021-32952" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-683" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392938" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32952" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-989/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081107" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2702" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-23-123/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-989" }, { "db": "ZDI", "id": "ZDI-23-123" }, { "db": "VULHUB", "id": "VHN-392938" }, { "db": "VULMON", "id": "CVE-2021-32952" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-683" }, { "db": "NVD", "id": "CVE-2021-32952" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-989", "ident": null }, { "db": "ZDI", "id": "ZDI-23-123", "ident": null }, { "db": "VULHUB", "id": "VHN-392938", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32952", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-683", "ident": null }, { "db": "NVD", "id": "CVE-2021-32952", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-989", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-123", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392938", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32952", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-683", "ident": null }, { "date": "2021-06-17T13:15:08.337000", "db": "NVD", "id": "CVE-2021-32952", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-989", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-123", "ident": null }, { "date": "2022-05-13T00:00:00", "db": "VULHUB", "id": "VHN-392938", "ident": null }, { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2021-32952", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-683", "ident": null }, { "date": "2022-05-13T17:30:58.490000", "db": "NVD", "id": "CVE-2021-32952", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-683" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202102-0325
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12163 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGM files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-230" }, { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "NVD", "id": "CVE-2020-27004" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27004" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-230" } ], "trust": 0.7 }, "cve": "CVE-2020-27004", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27004", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27004", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.0, "id": "CVE-2020-27004", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27004", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2020-27004", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202102-869", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-230" }, { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "NVD", "id": "CVE-2020-27004" }, { "db": "CNNVD", "id": "CNNVD-202102-869" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12163 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGM files", "sources": [ { "db": "NVD", "id": "CVE-2020-27004" }, { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "ZDI", "id": "ZDI-21-230" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27004", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-230", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015923", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12163", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-869", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-230" }, { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "NVD", "id": "CVE-2020-27004" }, { "db": "CNNVD", "id": "CNNVD-202102-869" } ] }, "id": "VAR-202102-0325", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:55:54.566000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141291" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-230" }, { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "CNNVD", "id": "CNNVD-202102-869" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "NVD", "id": "CVE-2020-27004" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-230/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27004" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-230" }, { "db": "JVNDB", "id": "JVNDB-2020-015923" }, { "db": "NVD", "id": "CVE-2020-27004" }, { "db": "CNNVD", "id": "CNNVD-202102-869" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-230", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015923", "ident": null }, { "db": "NVD", "id": "CVE-2020-27004", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-869", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-230", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015923", "ident": null }, { "date": "2021-02-09T17:15:14.203000", "db": "NVD", "id": "CVE-2020-27004", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-869", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-230", "ident": null }, { "date": "2021-10-25T06:20:00", "db": "JVNDB", "id": "JVNDB-2020-015923", "ident": null }, { "date": "2021-03-09T15:58:51.347000", "db": "NVD", "id": "CVE-2020-27004", "ident": null }, { "date": "2021-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-869", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-869" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015923" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-869" } ], "trust": 0.6 } }
var-202107-1406
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13352 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of J2K files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-840" }, { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "NVD", "id": "CVE-2021-34311" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34311" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-840" } ], "trust": 0.7 }, "cve": "CVE-2021-34311", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34311", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34311", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34311", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34311", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34311", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-886", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34311", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-840" }, { "db": "VULMON", "id": "CVE-2021-34311" }, { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "NVD", "id": "CVE-2021-34311" }, { "db": "CNNVD", "id": "CNNVD-202107-886" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13352 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of J2K files", "sources": [ { "db": "NVD", "id": "CVE-2021-34311" }, { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "ZDI", "id": "ZDI-21-840" }, { "db": "VULMON", "id": "CVE-2021-34311" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34311", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-840", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009326", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13352", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-886", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34311", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-840" }, { "db": "VULMON", "id": "CVE-2021-34311" }, { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "NVD", "id": "CVE-2021-34311" }, { "db": "CNNVD", "id": "CNNVD-202107-886" } ] }, "id": "VAR-202107-1406", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:01:11.862000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156579" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-840" }, { "db": "VULMON", "id": "CVE-2021-34311" }, { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "CNNVD", "id": "CNNVD-202107-886" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "NVD", "id": "CVE-2021-34311" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-840/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34311" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-840" }, { "db": "VULMON", "id": "CVE-2021-34311" }, { "db": "JVNDB", "id": "JVNDB-2021-009326" }, { "db": "NVD", "id": "CVE-2021-34311" }, { "db": "CNNVD", "id": "CNNVD-202107-886" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-840", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34311", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009326", "ident": null }, { "db": "NVD", "id": "CVE-2021-34311", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-886", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-840", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34311", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009326", "ident": null }, { "date": "2021-07-13T11:15:11.750000", "db": "NVD", "id": "CVE-2021-34311", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-886", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-840", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34311", "ident": null }, { "date": "2022-04-20T08:36:00", "db": "JVNDB", "id": "JVNDB-2021-009326", "ident": null }, { "date": "2021-07-27T15:34:11.787000", "db": "NVD", "id": "CVE-2021-34311", "ident": null }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-886", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-886" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009326" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-886" } ], "trust": 0.6 } }
var-202212-1729
Vulnerability from variot
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens Teamcenter Visualization and JT2Go Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization and JT2Go
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1729", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "NVD", "id": "CVE-2022-3160" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.5", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-3160" } ] }, "cve": "CVE-2022-3160", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-005662", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-3160", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-3160", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-005662", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202301-1065", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "NVD", "id": "CVE-2022-3160" }, { "db": "NVD", "id": "CVE-2022-3160" }, { "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\nThe APDFL.dll contains an out-of-bounds write past the fixed-length \nheap-based buffer while parsing specially crafted PDF files. This could \nallow an attacker to execute code in the context of the current process. Siemens Teamcenter Visualization and JT2Go Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization and JT2Go", "sources": [ { "db": "NVD", "id": "CVE-2022-3160" }, { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "VULMON", "id": "CVE-2022-3160" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3160", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-22-349-15", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-360681", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-005662", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202301-1065", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-3160", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-3160" }, { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "NVD", "id": "CVE-2022-3160" }, { "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "id": "VAR-202212-1729", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:25:22.240000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-360681", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "title": "Siemens Teamcenter Visualization and JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222346" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "NVD", "id": "CVE-2022-3160" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3160" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-15" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3160/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-3160" }, { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "NVD", "id": "CVE-2022-3160" }, { "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-3160" }, { "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "db": "NVD", "id": "CVE-2022-3160" }, { "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "date": "2023-01-13T01:15:09.687000", "db": "NVD", "id": "CVE-2022-3160" }, { "date": "2023-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-08T02:35:00", "db": "JVNDB", "id": "JVNDB-2022-005662" }, { "date": "2023-11-07T03:50:53.193000", "db": "NVD", "id": "CVE-2022-3160" }, { "date": "2023-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-1065" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-1065" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u00a0Teamcenter\u00a0Visualization\u00a0 and \u00a0JT2Go\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005662" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-1065" } ], "trust": 0.6 } }
var-202107-1403
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13344 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "NVD", "id": "CVE-2021-34308" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34308" } ] }, "credits": { "_id": null, "data": "Brian Gorenc of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "CNNVD", "id": "CNNVD-202107-882" } ], "trust": 1.3 }, "cve": "CVE-2021-34308", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34308", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34308", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34308", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34308", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34308", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-882", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34308", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "VULMON", "id": "CVE-2021-34308" }, { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "NVD", "id": "CVE-2021-34308" }, { "db": "CNNVD", "id": "CNNVD-202107-882" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13344 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2021-34308" }, { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "VULMON", "id": "CVE-2021-34308" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34308", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-837", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009331", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13344", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-882", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34308", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "VULMON", "id": "CVE-2021-34308" }, { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "NVD", "id": "CVE-2021-34308" }, { "db": "CNNVD", "id": "CNNVD-202107-882" } ] }, "id": "VAR-202107-1403", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:13:22.698000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156575" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34308 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "VULMON", "id": "CVE-2021-34308" }, { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "CNNVD", "id": "CNNVD-202107-882" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "NVD", "id": "CVE-2021-34308" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-837/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34308" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34308" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-837" }, { "db": "VULMON", "id": "CVE-2021-34308" }, { "db": "JVNDB", "id": "JVNDB-2021-009331" }, { "db": "NVD", "id": "CVE-2021-34308" }, { "db": "CNNVD", "id": "CNNVD-202107-882" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-837", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34308", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009331", "ident": null }, { "db": "NVD", "id": "CVE-2021-34308", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-882", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-837", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34308", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009331", "ident": null }, { "date": "2021-07-13T11:15:11.510000", "db": "NVD", "id": "CVE-2021-34308", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-882", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-837", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34308", "ident": null }, { "date": "2022-04-20T08:52:00", "db": "JVNDB", "id": "JVNDB-2021-009331", "ident": null }, { "date": "2022-10-07T20:47:50.830000", "db": "NVD", "id": "CVE-2021-34308", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-882", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-882" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009331" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-882" } ], "trust": 0.6 } }
var-202102-0328
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12207 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of HPG files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" }, { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "NVD", "id": "CVE-2020-27007" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27007" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" } ], "trust": 1.4 }, "cve": "CVE-2020-27007", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27007", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2020-27007", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27007", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27007", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2020-27007", "trust": 1.4, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202102-867", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" }, { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "NVD", "id": "CVE-2020-27007" }, { "db": "CNNVD", "id": "CNNVD-202102-867" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12207 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of HPG files", "sources": [ { "db": "NVD", "id": "CVE-2020-27007" }, { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27007", "trust": 3.8 }, { "db": "ZDI", "id": "ZDI-21-234", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-233", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015913", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12208", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12207", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-867", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" }, { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "NVD", "id": "CVE-2020-27007" }, { "db": "CNNVD", "id": "CNNVD-202102-867" } ] }, "id": "VAR-202102-0328", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:54:22.176000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141289" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" }, { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "CNNVD", "id": "CNNVD-202102-867" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "NVD", "id": "CVE-2020-27007" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-233/" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-234/" }, { "trust": 2.0, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27007" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" }, { "db": "JVNDB", "id": "JVNDB-2020-015913" }, { "db": "NVD", "id": "CVE-2020-27007" }, { "db": "CNNVD", "id": "CNNVD-202102-867" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-234", "ident": null }, { "db": "ZDI", "id": "ZDI-21-233", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015913", "ident": null }, { "db": "NVD", "id": "CVE-2020-27007", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-867", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-234", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-233", "ident": null }, { "date": "2021-10-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015913", "ident": null }, { "date": "2021-02-09T17:15:14.407000", "db": "NVD", "id": "CVE-2020-27007", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-867", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-234", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-233", "ident": null }, { "date": "2021-10-22T07:25:00", "db": "JVNDB", "id": "JVNDB-2020-015913", "ident": null }, { "date": "2021-03-05T18:42:30.297000", "db": "NVD", "id": "CVE-2020-27007", "ident": null }, { "date": "2021-03-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-867", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-867" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go HPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-234" }, { "db": "ZDI", "id": "ZDI-21-233" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-867" } ], "trust": 0.6 } }
var-202101-0348
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12016 and ZDI-CAN-12017 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of TGA files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" }, { "db": "CNVD", "id": "CNVD-2021-02584" }, { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "NVD", "id": "CVE-2020-26987" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" } ], "trust": 1.4 }, "cve": "CVE-2020-26987", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26987", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02584", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26987", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26987", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26987", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-26987", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-26987", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26987", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-02584", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-849", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" }, { "db": "CNVD", "id": "CNVD-2021-02584" }, { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "CNNVD", "id": "CNNVD-202101-849" }, { "db": "NVD", "id": "CVE-2020-26987" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12016 and ZDI-CAN-12017 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of TGA files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26987" }, { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" }, { "db": "CNVD", "id": "CNVD-2021-02584" } ], "trust": 3.42 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26987", "trust": 4.4 }, { "db": "ZDI", "id": "ZDI-21-061", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-059", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015269", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12016", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12017", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02584", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-849", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" }, { "db": "CNVD", "id": "CNVD-2021-02584" }, { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "CNNVD", "id": "CNNVD-202101-849" }, { "db": "NVD", "id": "CVE-2020-26987" } ] }, "id": "VAR-202101-0348", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02584" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02584" } ] }, "last_update_date": "2024-11-23T20:06:44.232000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Patch for JT2Go and Teamcenter Visualization heap buffer overflow vulnerability (CNVD-2021-02584)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243988" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139360" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" }, { "db": "CNVD", "id": "CNVD-2021-02584" }, { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "CNNVD", "id": "CNNVD-202101-849" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "NVD", "id": "CVE-2020-26987" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-059/" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-061/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26987" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" }, { "db": "CNVD", "id": "CNVD-2021-02584" }, { "db": "JVNDB", "id": "JVNDB-2020-015269" }, { "db": "CNNVD", "id": "CNNVD-202101-849" }, { "db": "NVD", "id": "CVE-2020-26987" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-061", "ident": null }, { "db": "ZDI", "id": "ZDI-21-059", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02584", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015269", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-849", "ident": null }, { "db": "NVD", "id": "CVE-2020-26987", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-061", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-059", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02584", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015269", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-849", "ident": null }, { "date": "2021-01-12T21:15:17.057000", "db": "NVD", "id": "CVE-2020-26987", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-061", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-059", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02584", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015269", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-849", "ident": null }, { "date": "2024-11-21T05:20:37.970000", "db": "NVD", "id": "CVE-2020-26987", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-849" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-061" }, { "db": "ZDI", "id": "ZDI-21-059" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-849" } ], "trust": 0.6 } }
var-202112-0801
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0801", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44008" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44008" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1199" } ], "trust": 0.6 }, "cve": "CVE-2021-44008", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44008", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1199", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44008" }, { "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.", "sources": [ { "db": "NVD", "id": "CVE-2021-44008" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-44008", "trust": 1.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1199", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44008" }, { "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "id": "VAR-202112-0801", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:14:07.778000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174914" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44008" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44008" }, { "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-44008" }, { "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-14T12:15:10.457000", "db": "NVD", "id": "CVE-2021-44008" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T13:23:51.913000", "db": "NVD", "id": "CVE-2021-44008" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1199" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1199" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Jt2go Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1199" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1199" } ], "trust": 0.6 } }
var-202112-0805
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0805", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "NVD", "id": "CVE-2021-44004" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44004" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1195" } ], "trust": 0.6 }, "cve": "CVE-2021-44004", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44004", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44004", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44004", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1195", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "NVD", "id": "CVE-2021-44004" }, { "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-44004" }, { "db": "JVNDB", "id": "JVNDB-2021-016220" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44004", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2021-016220", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1195", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "NVD", "id": "CVE-2021-44004" }, { "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "id": "VAR-202112-0805", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:21:33.702000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-595101", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175269" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "NVD", "id": "CVE-2021-44004" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44004" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "NVD", "id": "CVE-2021-44004" }, { "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "db": "NVD", "id": "CVE-2021-44004" }, { "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "date": "2021-12-14T12:15:10.250000", "db": "NVD", "id": "CVE-2021-44004" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-08T05:17:00", "db": "JVNDB", "id": "JVNDB-2021-016220" }, { "date": "2021-12-15T13:26:39.887000", "db": "NVD", "id": "CVE-2021-44004" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1195" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1195" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016220" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1195" } ], "trust": 0.6 } }
var-202106-1192
Vulnerability from variot
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. There is a resource management error vulnerability in the Drawings SDK, which is caused by a "free after use" error in the process of reading DGN files. Affected products and versions are as follows: Drawings SDK: Before 2022.4
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "drawing sdk", "scope": null, "trust": 1.4, "vendor": "open design alliance oda", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "drawings sdk", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" }, { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32944" } ] }, "credits": { "_id": null, "data": "Mat Powell \u0026 Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" } ], "trust": 1.4 }, "cve": "CVE-2021-32944", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32944", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392930", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32944", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32944", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32944", "trust": 2.8, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32944", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-688", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392930", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32944", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" }, { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" }, { "db": "VULHUB", "id": "VHN-392930" }, { "db": "VULMON", "id": "CVE-2021-32944" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-688" }, { "db": "NVD", "id": "CVE-2021-32944" } ] }, "description": { "_id": null, "data": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. There is a resource management error vulnerability in the Drawings SDK, which is caused by a \"free after use\" error in the process of reading DGN files. Affected products and versions are as follows: Drawings SDK: Before 2022.4", "sources": [ { "db": "NVD", "id": "CVE-2021-32944" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" }, { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392930" }, { "db": "VULMON", "id": "CVE-2021-32944" } ], "trust": 4.86 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32944", "trust": 6.2 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-990", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-987", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13468", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13413", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19152", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-132", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19151", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-131", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-688", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392930", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32944", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" }, { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" }, { "db": "VULHUB", "id": "VHN-392930" }, { "db": "VULMON", "id": "CVE-2021-32944" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-688" }, { "db": "NVD", "id": "CVE-2021-32944" } ] }, "id": "VAR-202106-1192", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392930" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:29:55.197000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "", "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "Drawings SDK Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153338" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" }, { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" }, { "db": "VULMON", "id": "CVE-2021-32944" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-688" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-416", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392930" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32944" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-990/" }, { "trust": 1.9, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-987/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" }, { "db": "ZDI", "id": "ZDI-23-132" }, { "db": "ZDI", "id": "ZDI-23-131" }, { "db": "VULHUB", "id": "VHN-392930" }, { "db": "VULMON", "id": "CVE-2021-32944" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-688" }, { "db": "NVD", "id": "CVE-2021-32944" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-990", "ident": null }, { "db": "ZDI", "id": "ZDI-21-987", "ident": null }, { "db": "ZDI", "id": "ZDI-23-132", "ident": null }, { "db": "ZDI", "id": "ZDI-23-131", "ident": null }, { "db": "VULHUB", "id": "VHN-392930", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32944", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-688", "ident": null }, { "db": "NVD", "id": "CVE-2021-32944", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-990", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-987", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-132", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-131", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392930", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32944", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-688", "ident": null }, { "date": "2021-06-17T13:15:08.083000", "db": "NVD", "id": "CVE-2021-32944", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-990", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-987", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-132", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-131", "ident": null }, { "date": "2022-04-15T00:00:00", "db": "VULHUB", "id": "VHN-392930", "ident": null }, { "date": "2022-04-15T00:00:00", "db": "VULMON", "id": "CVE-2021-32944", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-688", "ident": null }, { "date": "2022-04-15T15:36:24.180000", "db": "NVD", "id": "CVE-2021-32944", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-688" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go DGN File Parsing Use-After-Free Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-990" }, { "db": "ZDI", "id": "ZDI-21-987" } ], "trust": 1.4 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202212-1728
Vulnerability from variot
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens Teamcenter Visualization and JT2Go Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization and JT2Go
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1728", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "NVD", "id": "CVE-2022-3161" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.5", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-3161" } ] }, "cve": "CVE-2022-3161", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-005661", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-3161", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-3161", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-005661", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202301-1070", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "NVD", "id": "CVE-2022-3161" }, { "db": "NVD", "id": "CVE-2022-3161" }, { "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\n\nThe APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process. Siemens Teamcenter Visualization and JT2Go Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Teamcenter Visualization and JT2Go", "sources": [ { "db": "NVD", "id": "CVE-2022-3161" }, { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "VULMON", "id": "CVE-2022-3161" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-3161", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-22-349-15", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-360681", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-005661", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202301-1070", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-3161", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-3161" }, { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "NVD", "id": "CVE-2022-3161" }, { "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "id": "VAR-202212-1728", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:24:35.332000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-360681", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "title": "Siemens Teamcenter Visualization and JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222349" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "NVD", "id": "CVE-2022-3161" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-360681.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3161" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-15" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-3161/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-3161" }, { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "NVD", "id": "CVE-2022-3161" }, { "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-3161" }, { "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "db": "NVD", "id": "CVE-2022-3161" }, { "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "date": "2023-01-13T01:15:09.770000", "db": "NVD", "id": "CVE-2022-3161" }, { "date": "2023-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-08T02:23:00", "db": "JVNDB", "id": "JVNDB-2022-005661" }, { "date": "2023-11-07T03:50:53.490000", "db": "NVD", "id": "CVE-2022-3161" }, { "date": "2023-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-1070" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-1070" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u00a0Teamcenter\u00a0Visualization\u00a0 and \u00a0JT2Go\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005661" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-1070" } ], "trust": 0.6 } }
var-202107-1376
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-12959 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-871" }, { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "NVD", "id": "CVE-2021-34292" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34292" } ] }, "credits": { "_id": null, "data": "garmin", "sources": [ { "db": "ZDI", "id": "ZDI-21-871" } ], "trust": 0.7 }, "cve": "CVE-2021-34292", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34292", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34292", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34292", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34292", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34292", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-860", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34292", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-871" }, { "db": "VULMON", "id": "CVE-2021-34292" }, { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "NVD", "id": "CVE-2021-34292" }, { "db": "CNNVD", "id": "CNNVD-202107-860" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-12959 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34292" }, { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "ZDI", "id": "ZDI-21-871" }, { "db": "VULMON", "id": "CVE-2021-34292" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34292", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-871", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009347", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12959", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-860", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34292", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-871" }, { "db": "VULMON", "id": "CVE-2021-34292" }, { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "NVD", "id": "CVE-2021-34292" }, { "db": "CNNVD", "id": "CNNVD-202107-860" } ] }, "id": "VAR-202107-1376", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:15:09.918000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156553" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-871" }, { "db": "VULMON", "id": "CVE-2021-34292" }, { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "CNNVD", "id": "CNNVD-202107-860" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "NVD", "id": "CVE-2021-34292" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-871/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34292" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-871" }, { "db": "VULMON", "id": "CVE-2021-34292" }, { "db": "JVNDB", "id": "JVNDB-2021-009347" }, { "db": "NVD", "id": "CVE-2021-34292" }, { "db": "CNNVD", "id": "CNNVD-202107-860" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-871", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34292", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009347", "ident": null }, { "db": "NVD", "id": "CVE-2021-34292", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-860", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-871", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34292", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009347", "ident": null }, { "date": "2021-07-13T11:15:10.323000", "db": "NVD", "id": "CVE-2021-34292", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-860", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-871", "ident": null }, { "date": "2021-07-23T00:00:00", "db": "VULMON", "id": "CVE-2021-34292", "ident": null }, { "date": "2022-04-20T09:08:00", "db": "JVNDB", "id": "JVNDB-2021-009347", "ident": null }, { "date": "2021-07-23T18:32:22.447000", "db": "NVD", "id": "CVE-2021-34292", "ident": null }, { "date": "2022-03-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-860", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-860" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009347" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-860" } ], "trust": 0.6 } }
var-202101-0354
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0354", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "NVD", "id": "CVE-2020-26993" } ] }, "cve": "CVE-2020-26993", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26993", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02578", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26993", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26993", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26993", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26993", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-02578", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-873", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "CNNVD", "id": "CNNVD-202101-873" }, { "db": "NVD", "id": "CVE-2020-26993" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26993" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "CNVD", "id": "CNVD-2021-02578" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-26993", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015257", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-02578", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-873", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "CNNVD", "id": "CNNVD-202101-873" }, { "db": "NVD", "id": "CVE-2020-26993" } ] }, "id": "VAR-202101-0354", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" } ] }, "last_update_date": "2024-11-23T21:10:16.580000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Patch for JT2Go and Teamcenter Visualization stack buffer overflow vulnerability (CNVD-2021-02578)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243970" }, { "title": "Siemens JTGo Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139374" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "CNNVD", "id": "CNNVD-202101-873" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "NVD", "id": "CVE-2020-26993" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26993" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02578" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "CNNVD", "id": "CNNVD-202101-873" }, { "db": "NVD", "id": "CVE-2020-26993" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-02578" }, { "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "db": "CNNVD", "id": "CNNVD-202101-873" }, { "db": "NVD", "id": "CVE-2020-26993" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02578" }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-873" }, { "date": "2021-01-12T21:15:17.447000", "db": "NVD", "id": "CVE-2020-26993" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02578" }, { "date": "2021-09-15T08:32:00", "db": "JVNDB", "id": "JVNDB-2020-015257" }, { "date": "2021-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-873" }, { "date": "2024-11-21T05:20:38.710000", "db": "NVD", "id": "CVE-2020-26993" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-873" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015257" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-873" } ], "trust": 0.6 } }
var-202108-1316
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-13405 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "NVD", "id": "CVE-2021-33738" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-33738" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "CNNVD", "id": "CNNVD-202108-953" } ], "trust": 1.3 }, "cve": "CVE-2021-33738", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-33738", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-33738", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-33738", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-33738", "trust": 1.8, "value": "LOW" }, { "author": "ZDI", "id": "CVE-2021-33738", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202108-953", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2021-33738", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "VULMON", "id": "CVE-2021-33738" }, { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "NVD", "id": "CVE-2021-33738" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-953" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.2), Teamcenter Visualization (All versions \u003c V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-13405 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-33738" }, { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-33738" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-33738", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-981", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-938030", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-222-03", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU99791395", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-009793", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13405", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2702", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081107", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-953", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-33738", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "VULMON", "id": "CVE-2021-33738" }, { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "NVD", "id": "CVE-2021-33738" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-953" } ] }, "id": "VAR-202108-1316", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:12:42.949000Z", "patch": { "_id": null, "data": [ { "title": "SSA-938030", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "title": "Siemens Teamcenter Visualization and Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159347" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-33738 log" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e0bde73e6fac136c31fc4dfabb276eae" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "VULMON", "id": "CVE-2021-33738" }, { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "CNNVD", "id": "CNNVD-202108-953" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "NVD", "id": "CVE-2021-33738" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-981/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99791395/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33738" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081107" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2702" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://security.archlinux.org/cve-2021-33738" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-981" }, { "db": "VULMON", "id": "CVE-2021-33738" }, { "db": "JVNDB", "id": "JVNDB-2021-009793" }, { "db": "NVD", "id": "CVE-2021-33738" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-953" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-981", "ident": null }, { "db": "VULMON", "id": "CVE-2021-33738", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009793", "ident": null }, { "db": "NVD", "id": "CVE-2021-33738", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202108-953", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-981", "ident": null }, { "date": "2021-08-10T00:00:00", "db": "VULMON", "id": "CVE-2021-33738", "ident": null }, { "date": "2022-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009793", "ident": null }, { "date": "2021-08-10T11:15:09.197000", "db": "NVD", "id": "CVE-2021-33738", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-953", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-981", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "VULMON", "id": "CVE-2021-33738", "ident": null }, { "date": "2022-05-24T08:26:00", "db": "JVNDB", "id": "JVNDB-2021-009793", "ident": null }, { "date": "2021-09-21T16:27:35.173000", "db": "NVD", "id": "CVE-2021-33738", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-953", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-953" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009793" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202107-1383
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13192 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-845" }, { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "NVD", "id": "CVE-2021-34299" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34299" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-845" } ], "trust": 0.7 }, "cve": "CVE-2021-34299", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34299", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34299", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34299", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34299", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34299", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-874", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34299", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-845" }, { "db": "VULMON", "id": "CVE-2021-34299" }, { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "NVD", "id": "CVE-2021-34299" }, { "db": "CNNVD", "id": "CNNVD-202107-874" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13192 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34299" }, { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "ZDI", "id": "ZDI-21-845" }, { "db": "VULMON", "id": "CVE-2021-34299" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34299", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-845", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009339", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13192", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-874", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34299", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-845" }, { "db": "VULMON", "id": "CVE-2021-34299" }, { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "NVD", "id": "CVE-2021-34299" }, { "db": "CNNVD", "id": "CNNVD-202107-874" } ] }, "id": "VAR-202107-1383", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:56:32.962000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156567" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34299 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-845" }, { "db": "VULMON", "id": "CVE-2021-34299" }, { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "CNNVD", "id": "CNNVD-202107-874" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "NVD", "id": "CVE-2021-34299" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-845/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34299" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34299" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-845" }, { "db": "VULMON", "id": "CVE-2021-34299" }, { "db": "JVNDB", "id": "JVNDB-2021-009339" }, { "db": "NVD", "id": "CVE-2021-34299" }, { "db": "CNNVD", "id": "CNNVD-202107-874" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-845", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34299", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009339", "ident": null }, { "db": "NVD", "id": "CVE-2021-34299", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-874", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-845", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34299", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009339", "ident": null }, { "date": "2021-07-13T11:15:10.827000", "db": "NVD", "id": "CVE-2021-34299", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-874", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-845", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34299", "ident": null }, { "date": "2022-04-20T09:03:00", "db": "JVNDB", "id": "JVNDB-2021-009339", "ident": null }, { "date": "2022-10-07T20:48:56.457000", "db": "NVD", "id": "CVE-2021-34299", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-874", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-874" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009339" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-874" } ], "trust": 0.6 } }
var-202101-0387
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0387", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "NVD", "id": "CVE-2020-26994" } ] }, "cve": "CVE-2020-26994", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26994", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02577", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26994", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26994", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26994", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26994", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-02577", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-840", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-26994", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "VULMON", "id": "CVE-2020-26994" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "CNNVD", "id": "CNNVD-202101-840" }, { "db": "NVD", "id": "CVE-2020-26994" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26994" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "VULMON", "id": "CVE-2020-26994" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-26994", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.3 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015258", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-02577", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-840", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-26994", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "VULMON", "id": "CVE-2020-26994" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "CNNVD", "id": "CNNVD-202101-840" }, { "db": "NVD", "id": "CVE-2020-26994" } ] }, "id": "VAR-202101-0387", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" } ] }, "last_update_date": "2024-11-23T19:40:04.769000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Patch for JT2Go and Teamcenter Visualization heap buffer overflow vulnerability (CNVD-2021-02577)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243967" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139353" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=c60b7733e9b4edbad6ce3fc7a4344fda" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "VULMON", "id": "CVE-2020-26994" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "CNNVD", "id": "CNNVD-202101-840" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "NVD", "id": "CVE-2020-26994" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26994" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-622830.txt" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "VULMON", "id": "CVE-2020-26994" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "CNNVD", "id": "CNNVD-202101-840" }, { "db": "NVD", "id": "CVE-2020-26994" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-02577" }, { "db": "VULMON", "id": "CVE-2020-26994" }, { "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "db": "CNNVD", "id": "CNNVD-202101-840" }, { "db": "NVD", "id": "CVE-2020-26994" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02577" }, { "date": "2021-01-12T00:00:00", "db": "VULMON", "id": "CVE-2020-26994" }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-840" }, { "date": "2021-01-12T21:15:17.510000", "db": "NVD", "id": "CVE-2020-26994" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-04T00:00:00", "db": "CNVD", "id": "CNVD-2021-02577" }, { "date": "2021-02-22T00:00:00", "db": "VULMON", "id": "CVE-2020-26994" }, { "date": "2021-09-15T08:32:00", "db": "JVNDB", "id": "JVNDB-2020-015258" }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-840" }, { "date": "2024-11-21T05:20:38.840000", "db": "NVD", "id": "CVE-2020-26994" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-840" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015258" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-840" } ], "trust": 0.6 } }
var-202306-0898
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0898", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.10" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.13" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.8" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "NVD", "id": "CVE-2023-33123" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.13", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.10", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.8", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-33123" } ] }, "cve": "CVE-2023-33123", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-33123", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-33123", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-33123", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202306-874", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "NVD", "id": "CVE-2023-33123" }, { "db": "NVD", "id": "CVE-2023-33123" }, { "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-33123" }, { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "VULMON", "id": "CVE-2023-33123" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-33123", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-538795", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-23-166-14", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99464755", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-008588", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202306-874", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-33123", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33123" }, { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "NVD", "id": "CVE-2023-33123" }, { "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "id": "VAR-202306-0898", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:24:48.250000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=241391" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "NVD", "id": "CVE-2023-33123" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99464755/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-33123" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-33123/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33123" }, { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "NVD", "id": "CVE-2023-33123" }, { "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-33123" }, { "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "db": "NVD", "id": "CVE-2023-33123" }, { "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33123" }, { "date": "2023-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "date": "2023-06-13T09:15:18.437000", "db": "NVD", "id": "CVE-2023-33123" }, { "date": "2023-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33123" }, { "date": "2023-12-01T08:15:00", "db": "JVNDB", "id": "JVNDB-2023-008588" }, { "date": "2023-06-21T20:37:57.867000", "db": "NVD", "id": "CVE-2023-33123" }, { "date": "2023-06-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-874" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-874" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008588" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-874" } ], "trust": 0.6 } }
var-202101-0389
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12027 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CG4 files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
There are security vulnerabilities in JT2Go and Teamcenter Visualization
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-062" }, { "db": "CNVD", "id": "CNVD-2021-02575" }, { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "NVD", "id": "CVE-2020-26996" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-062" } ], "trust": 0.7 }, "cve": "CVE-2020-26996", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26996", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02575", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26996", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26996", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26996", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26996", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26996", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26996", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02575", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-838", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-062" }, { "db": "CNVD", "id": "CNVD-2021-02575" }, { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "CNNVD", "id": "CNNVD-202101-838" }, { "db": "NVD", "id": "CVE-2020-26996" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12027 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CG4 files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nThere are security vulnerabilities in JT2Go and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2020-26996" }, { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "ZDI", "id": "ZDI-21-062" }, { "db": "CNVD", "id": "CNVD-2021-02575" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26996", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-062", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015260", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12027", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02575", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-838", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-062" }, { "db": "CNVD", "id": "CNVD-2021-02575" }, { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "CNNVD", "id": "CNNVD-202101-838" }, { "db": "NVD", "id": "CVE-2020-26996" } ] }, "id": "VAR-202101-0389", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02575" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02575" } ] }, "last_update_date": "2024-11-23T19:27:41.624000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for Unspecified vulnerability exists in JT2Go and Teamcenter Visualization (CNVD-2021-02575)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243961" }, { "title": "Siemens Jt2go and Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139351" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-062" }, { "db": "CNVD", "id": "CNVD-2021-02575" }, { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "CNNVD", "id": "CNNVD-202101-838" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "NVD", "id": "CVE-2020-26996" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-062/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26996" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-062" }, { "db": "CNVD", "id": "CNVD-2021-02575" }, { "db": "JVNDB", "id": "JVNDB-2020-015260" }, { "db": "CNNVD", "id": "CNNVD-202101-838" }, { "db": "NVD", "id": "CVE-2020-26996" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-062", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02575", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015260", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-838", "ident": null }, { "db": "NVD", "id": "CVE-2020-26996", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-062", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02575", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015260", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-838", "ident": null }, { "date": "2021-01-12T21:15:17.637000", "db": "NVD", "id": "CVE-2020-26996", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-062", "ident": null }, { "date": "2021-02-04T00:00:00", "db": "CNVD", "id": "CNVD-2021-02575", "ident": null }, { "date": "2021-09-15T08:32:00", "db": "JVNDB", "id": "JVNDB-2020-015260", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-838", "ident": null }, { "date": "2024-11-21T05:20:39.060000", "db": "NVD", "id": "CVE-2020-26996", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-838" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015260" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-838" } ], "trust": 0.6 } }
var-202102-0322
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12041 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-227" }, { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "NVD", "id": "CVE-2020-27001" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27001" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-227" } ], "trust": 0.7 }, "cve": "CVE-2020-27001", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27001", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27001", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-27001", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27001", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-27001", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-871", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-27001", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-227" }, { "db": "VULMON", "id": "CVE-2020-27001" }, { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "NVD", "id": "CVE-2020-27001" }, { "db": "CNNVD", "id": "CNNVD-202102-871" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12041 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files", "sources": [ { "db": "NVD", "id": "CVE-2020-27001" }, { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "ZDI", "id": "ZDI-21-227" }, { "db": "VULMON", "id": "CVE-2020-27001" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27001", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-227", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-695540", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-015926", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12041", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-147-04", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1836", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-871", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-27001", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-227" }, { "db": "VULMON", "id": "CVE-2020-27001" }, { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "NVD", "id": "CVE-2020-27001" }, { "db": "CNNVD", "id": "CNNVD-202102-871" } ] }, "id": "VAR-202102-0322", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:51:53.030000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": " https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141292" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=22012358d4c381f4f14edecd2684a63a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-227" }, { "db": "VULMON", "id": "CVE-2020-27001" }, { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "CNNVD", "id": "CNNVD-202102-871" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "NVD", "id": "CVE-2020-27001" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-227/" }, { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27001" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1836" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/121.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-227" }, { "db": "VULMON", "id": "CVE-2020-27001" }, { "db": "JVNDB", "id": "JVNDB-2020-015926" }, { "db": "NVD", "id": "CVE-2020-27001" }, { "db": "CNNVD", "id": "CNNVD-202102-871" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-227", "ident": null }, { "db": "VULMON", "id": "CVE-2020-27001", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015926", "ident": null }, { "db": "NVD", "id": "CVE-2020-27001", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-871", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-227", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "VULMON", "id": "CVE-2020-27001", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015926", "ident": null }, { "date": "2021-02-09T17:15:14", "db": "NVD", "id": "CVE-2020-27001", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-871", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-08T00:00:00", "db": "ZDI", "id": "ZDI-21-227", "ident": null }, { "date": "2021-05-19T00:00:00", "db": "VULMON", "id": "CVE-2020-27001", "ident": null }, { "date": "2021-10-25T06:47:00", "db": "JVNDB", "id": "JVNDB-2020-015926", "ident": null }, { "date": "2022-04-29T19:15:10.117000", "db": "NVD", "id": "CVE-2020-27001", "ident": null }, { "date": "2021-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-871", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-871" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015926" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-871" } ], "trust": 0.6 } }
var-202309-0577
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041). Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0577", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2201.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1627" }, { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "NVD", "id": "CVE-2023-38076" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1627" } ], "trust": 0.7 }, "cve": "CVE-2023-38076", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38076", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2023-012094", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38076", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-38076", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2023-012094", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2023-38076", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1627" }, { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "NVD", "id": "CVE-2023-38076" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041). Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer", "sources": [ { "db": "NVD", "id": "CVE-2023-38076" }, { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "ZDI", "id": "ZDI-23-1627" }, { "db": "VULMON", "id": "CVE-2023-38076" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38076", "trust": 3.4 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.9 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU92598492", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98137233", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-012094", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-21041", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1627", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38076", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1627" }, { "db": "VULMON", "id": "CVE-2023-38076" }, { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "NVD", "id": "CVE-2023-38076" } ] }, "id": "VAR-202309-0577", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T12:19:28.061000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1627" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "NVD", "id": "CVE-2023-38076" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98137233/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92598492/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38076" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/122.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1627" }, { "db": "VULMON", "id": "CVE-2023-38076" }, { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "NVD", "id": "CVE-2023-38076" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1627" }, { "db": "VULMON", "id": "CVE-2023-38076" }, { "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "db": "NVD", "id": "CVE-2023-38076" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1627" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38076" }, { "date": "2023-12-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "date": "2023-09-12T10:15:28.727000", "db": "NVD", "id": "CVE-2023-38076" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1627" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38076" }, { "date": "2024-03-06T05:02:00", "db": "JVNDB", "id": "JVNDB-2023-012094" }, { "date": "2024-02-16T15:14:58.027000", "db": "NVD", "id": "CVE-2023-38076" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-012094" } ], "trust": 0.8 } }
var-202101-1899
Vulnerability from variot
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Open Design Alliance Drawings SDK Has NULL A pointer dereference vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2021.11" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "drawings sdk", "scope": null, "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "NVD", "id": "CVE-2021-25176" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-222" } ], "trust": 0.7 }, "cve": "CVE-2021-25176", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-25176", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-383905", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25176", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25176", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25176", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-25176", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-25176", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25176", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202101-1316", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-383905", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-25176", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" }, { "db": "VULHUB", "id": "VHN-383905" }, { "db": "VULMON", "id": "CVE-2021-25176" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "CNNVD", "id": "CNNVD-202101-1316" }, { "db": "NVD", "id": "CVE-2021-25176" } ] }, "description": { "_id": null, "data": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Open Design Alliance Drawings SDK Has NULL A pointer dereference vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages", "sources": [ { "db": "NVD", "id": "CVE-2021-25176" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" }, { "db": "VULHUB", "id": "VHN-383905" }, { "db": "VULMON", "id": "CVE-2021-25176" } ], "trust": 3.06 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-25176", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-222", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-221", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-047-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU92291213", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002747", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11989", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11913", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202101-1316", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0577", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-383905", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-25176", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" }, { "db": "VULHUB", "id": "VHN-383905" }, { "db": "VULMON", "id": "CVE-2021-25176" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "CNNVD", "id": "CNNVD-202101-1316" }, { "db": "NVD", "id": "CVE-2021-25176" } ] }, "id": "VAR-202101-1899", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-383905" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:22:22.687000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139575" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" }, { "db": "VULMON", "id": "CVE-2021-25176" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "CNNVD", "id": "CNNVD-202101-1316" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-383905" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "NVD", "id": "CVE-2021-25176" } ] }, "references": { "_id": null, "data": [ { "trust": 2.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-222/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-221/" }, { "trust": 2.0, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.8, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25176" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu92291213/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0577" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" }, { "db": "VULHUB", "id": "VHN-383905" }, { "db": "VULMON", "id": "CVE-2021-25176" }, { "db": "JVNDB", "id": "JVNDB-2021-002747" }, { "db": "CNNVD", "id": "CNNVD-202101-1316" }, { "db": "NVD", "id": "CVE-2021-25176" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-222", "ident": null }, { "db": "ZDI", "id": "ZDI-21-221", "ident": null }, { "db": "VULHUB", "id": "VHN-383905", "ident": null }, { "db": "VULMON", "id": "CVE-2021-25176", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002747", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-1316", "ident": null }, { "db": "NVD", "id": "CVE-2021-25176", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-222", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-221", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULHUB", "id": "VHN-383905", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULMON", "id": "CVE-2021-25176", "ident": null }, { "date": "2021-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002747", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1316", "ident": null }, { "date": "2021-01-18T08:15:13.227000", "db": "NVD", "id": "CVE-2021-25176", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-222", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-221", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULHUB", "id": "VHN-383905", "ident": null }, { "date": "2021-03-04T00:00:00", "db": "VULMON", "id": "CVE-2021-25176", "ident": null }, { "date": "2021-09-29T08:26:00", "db": "JVNDB", "id": "JVNDB-2021-002747", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1316", "ident": null }, { "date": "2024-11-21T05:54:30.343000", "db": "NVD", "id": "CVE-2021-25176", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1316" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-222" }, { "db": "ZDI", "id": "ZDI-21-221" } ], "trust": 1.4 }, "type": { "_id": null, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1316" } ], "trust": 0.6 } }
var-202107-1410
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13356 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-844" }, { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "NVD", "id": "CVE-2021-34315" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34315" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-844" } ], "trust": 0.7 }, "cve": "CVE-2021-34315", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34315", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34315", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34315", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34315", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34315", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-892", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34315", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-844" }, { "db": "VULMON", "id": "CVE-2021-34315" }, { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "NVD", "id": "CVE-2021-34315" }, { "db": "CNNVD", "id": "CNNVD-202107-892" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13356 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI files", "sources": [ { "db": "NVD", "id": "CVE-2021-34315" }, { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "ZDI", "id": "ZDI-21-844" }, { "db": "VULMON", "id": "CVE-2021-34315" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34315", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-844", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009321", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13356", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-892", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34315", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-844" }, { "db": "VULMON", "id": "CVE-2021-34315" }, { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "NVD", "id": "CVE-2021-34315" }, { "db": "CNNVD", "id": "CNNVD-202107-892" } ] }, "id": "VAR-202107-1410", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:06:50.337000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156585" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-844" }, { "db": "VULMON", "id": "CVE-2021-34315" }, { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "CNNVD", "id": "CNNVD-202107-892" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "NVD", "id": "CVE-2021-34315" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-844/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34315" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-844" }, { "db": "VULMON", "id": "CVE-2021-34315" }, { "db": "JVNDB", "id": "JVNDB-2021-009321" }, { "db": "NVD", "id": "CVE-2021-34315" }, { "db": "CNNVD", "id": "CNNVD-202107-892" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-844", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34315", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009321", "ident": null }, { "db": "NVD", "id": "CVE-2021-34315", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-892", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-844", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34315", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009321", "ident": null }, { "date": "2021-07-13T11:15:12.063000", "db": "NVD", "id": "CVE-2021-34315", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-892", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-844", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34315", "ident": null }, { "date": "2022-04-20T08:20:00", "db": "JVNDB", "id": "JVNDB-2021-009321", "ident": null }, { "date": "2021-07-27T14:08:30.760000", "db": "NVD", "id": "CVE-2021-34315", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-892", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-892" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009321" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-892" } ], "trust": 0.6 } }
var-202101-1897
Vulnerability from variot
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2021.12" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "drawings sdk", "scope": null, "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-226" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "NVD", "id": "CVE-2021-25174" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-226" } ], "trust": 0.7 }, "cve": "CVE-2021-25174", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-25174", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-383903", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25174", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25174", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25174", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25174", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25174", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-25174", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-1323", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-383903", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-226" }, { "db": "VULHUB", "id": "VHN-383903" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "CNNVD", "id": "CNNVD-202101-1323" }, { "db": "NVD", "id": "CVE-2021-25174" } ] }, "description": { "_id": null, "data": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages", "sources": [ { "db": "NVD", "id": "CVE-2021-25174" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "ZDI", "id": "ZDI-21-226" }, { "db": "VULHUB", "id": "VHN-383903" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-25174", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-226", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-047-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU92291213", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002745", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12026", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202101-1323", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0577", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-383903", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-226" }, { "db": "VULHUB", "id": "VHN-383903" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "CNNVD", "id": "CNNVD-202101-1323" }, { "db": "NVD", "id": "CVE-2021-25174" } ] }, "id": "VAR-202101-1897", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-383903" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:09:20.319000Z", "patch": { "_id": null, "data": [ { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "Open Design Alliance Drawings SDK Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139579" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-226" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "CNNVD", "id": "CNNVD-202101-1323" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-383903" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "NVD", "id": "CVE-2021-25174" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-226/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25174" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu92291213/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0577" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-226" }, { "db": "VULHUB", "id": "VHN-383903" }, { "db": "JVNDB", "id": "JVNDB-2021-002745" }, { "db": "CNNVD", "id": "CNNVD-202101-1323" }, { "db": "NVD", "id": "CVE-2021-25174" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-226", "ident": null }, { "db": "VULHUB", "id": "VHN-383903", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002745", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-1323", "ident": null }, { "db": "NVD", "id": "CVE-2021-25174", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-226", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULHUB", "id": "VHN-383903", "ident": null }, { "date": "2021-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002745", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1323", "ident": null }, { "date": "2021-01-18T08:15:13.117000", "db": "NVD", "id": "CVE-2021-25174", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-226", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULHUB", "id": "VHN-383903", "ident": null }, { "date": "2021-09-29T08:26:00", "db": "JVNDB", "id": "JVNDB-2021-002745", "ident": null }, { "date": "2022-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1323", "ident": null }, { "date": "2024-11-21T05:54:30.027000", "db": "NVD", "id": "CVE-2021-25174", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1323" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0Drawings\u00a0SDK\u00a0 Resource Depletion Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002745" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1323" } ], "trust": 0.6 } }
var-202107-1407
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13353 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-841" }, { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "NVD", "id": "CVE-2021-34312" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34312" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-841" } ], "trust": 0.7 }, "cve": "CVE-2021-34312", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34312", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34312", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34312", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34312", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34312", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-888", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34312", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-841" }, { "db": "VULMON", "id": "CVE-2021-34312" }, { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "NVD", "id": "CVE-2021-34312" }, { "db": "CNNVD", "id": "CNNVD-202107-888" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13353 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34312" }, { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "ZDI", "id": "ZDI-21-841" }, { "db": "VULMON", "id": "CVE-2021-34312" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34312", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-841", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009325", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13353", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-888", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34312", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-841" }, { "db": "VULMON", "id": "CVE-2021-34312" }, { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "NVD", "id": "CVE-2021-34312" }, { "db": "CNNVD", "id": "CNNVD-202107-888" } ] }, "id": "VAR-202107-1407", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:47:10.474000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156581" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34312 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-841" }, { "db": "VULMON", "id": "CVE-2021-34312" }, { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "CNNVD", "id": "CNNVD-202107-888" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "NVD", "id": "CVE-2021-34312" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-841/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34312" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34312" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-841" }, { "db": "VULMON", "id": "CVE-2021-34312" }, { "db": "JVNDB", "id": "JVNDB-2021-009325" }, { "db": "NVD", "id": "CVE-2021-34312" }, { "db": "CNNVD", "id": "CNNVD-202107-888" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-841", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34312", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009325", "ident": null }, { "db": "NVD", "id": "CVE-2021-34312", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-888", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-841", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34312", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009325", "ident": null }, { "date": "2021-07-13T11:15:11.827000", "db": "NVD", "id": "CVE-2021-34312", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-888", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-841", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34312", "ident": null }, { "date": "2022-04-20T08:34:00", "db": "JVNDB", "id": "JVNDB-2021-009325", "ident": null }, { "date": "2022-10-07T20:47:47.987000", "db": "NVD", "id": "CVE-2021-34312", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-888", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-888" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009325" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-888" } ], "trust": 0.6 } }
var-202101-1896
Vulnerability from variot
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2021.12" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "drawings sdk", "scope": null, "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-225" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "NVD", "id": "CVE-2021-25173" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-225" } ], "trust": 0.7 }, "cve": "CVE-2021-25173", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-25173", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-383902", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25173", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25173", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25173", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25173", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25173", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-25173", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-1319", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-383902", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-225" }, { "db": "VULHUB", "id": "VHN-383902" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "CNNVD", "id": "CNNVD-202101-1319" }, { "db": "NVD", "id": "CVE-2021-25173" } ] }, "description": { "_id": null, "data": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages", "sources": [ { "db": "NVD", "id": "CVE-2021-25173" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "ZDI", "id": "ZDI-21-225" }, { "db": "VULHUB", "id": "VHN-383902" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-25173", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-225", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU92291213", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002840", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12019", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202101-1319", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0577", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-047-01", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-383902", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-225" }, { "db": "VULHUB", "id": "VHN-383902" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "CNNVD", "id": "CNNVD-202101-1319" }, { "db": "NVD", "id": "CVE-2021-25173" } ] }, "id": "VAR-202101-1896", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-383902" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:30:13.083000Z", "patch": { "_id": null, "data": [ { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "Open Design Alliance Drawings SDK Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139577" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-225" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "CNNVD", "id": "CNNVD-202101-1319" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-383902" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "NVD", "id": "CVE-2021-25173" } ] }, "references": { "_id": null, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-225/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25173" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92291213/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0577" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-225" }, { "db": "VULHUB", "id": "VHN-383902" }, { "db": "JVNDB", "id": "JVNDB-2021-002840" }, { "db": "CNNVD", "id": "CNNVD-202101-1319" }, { "db": "NVD", "id": "CVE-2021-25173" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-225", "ident": null }, { "db": "VULHUB", "id": "VHN-383902", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002840", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-1319", "ident": null }, { "db": "NVD", "id": "CVE-2021-25173", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-225", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULHUB", "id": "VHN-383902", "ident": null }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002840", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1319", "ident": null }, { "date": "2021-01-18T08:15:13.023000", "db": "NVD", "id": "CVE-2021-25173", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-225", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULHUB", "id": "VHN-383902", "ident": null }, { "date": "2021-10-06T05:19:00", "db": "JVNDB", "id": "JVNDB-2021-002840", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1319", "ident": null }, { "date": "2024-11-21T05:54:29.863000", "db": "NVD", "id": "CVE-2021-25173", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1319" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0Drawings\u00a0SDK\u00a0 Vulnerability in resource allocation without restrictions or throttling in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002840" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1319" } ], "trust": 0.6 } }
var-202107-1398
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13198 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-848" }, { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "NVD", "id": "CVE-2021-34303" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34303" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-848" } ], "trust": 0.7 }, "cve": "CVE-2021-34303", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34303", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34303", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34303", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34303", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34303", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-878", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34303", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-848" }, { "db": "VULMON", "id": "CVE-2021-34303" }, { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "NVD", "id": "CVE-2021-34303" }, { "db": "CNNVD", "id": "CNNVD-202107-878" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13198 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34303" }, { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "ZDI", "id": "ZDI-21-848" }, { "db": "VULMON", "id": "CVE-2021-34303" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34303", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-848", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009335", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13198", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-878", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34303", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-848" }, { "db": "VULMON", "id": "CVE-2021-34303" }, { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "NVD", "id": "CVE-2021-34303" }, { "db": "CNNVD", "id": "CNNVD-202107-878" } ] }, "id": "VAR-202107-1398", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:56:41.086000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156571" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34303 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-848" }, { "db": "VULMON", "id": "CVE-2021-34303" }, { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "CNNVD", "id": "CNNVD-202107-878" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "NVD", "id": "CVE-2021-34303" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-848/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34303" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34303" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-848" }, { "db": "VULMON", "id": "CVE-2021-34303" }, { "db": "JVNDB", "id": "JVNDB-2021-009335" }, { "db": "NVD", "id": "CVE-2021-34303" }, { "db": "CNNVD", "id": "CNNVD-202107-878" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-848", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34303", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009335", "ident": null }, { "db": "NVD", "id": "CVE-2021-34303", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-878", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-848", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34303", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009335", "ident": null }, { "date": "2021-07-13T11:15:11.137000", "db": "NVD", "id": "CVE-2021-34303", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-878", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-848", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34303", "ident": null }, { "date": "2022-04-20T09:00:00", "db": "JVNDB", "id": "JVNDB-2021-009335", "ident": null }, { "date": "2022-10-07T20:48:00.843000", "db": "NVD", "id": "CVE-2021-34303", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-878", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-878" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009335" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-878" } ], "trust": 0.6 } }
var-202112-0800
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0800", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44009" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44009" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1200" } ], "trust": 0.6 }, "cve": "CVE-2021-44009", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44009", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1200", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44009" }, { "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.", "sources": [ { "db": "NVD", "id": "CVE-2021-44009" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-44009", "trust": 1.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1200", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44009" }, { "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "id": "VAR-202112-0800", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:21:46.831000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174915" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44009" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44009" }, { "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-44009" }, { "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-14T12:15:10.510000", "db": "NVD", "id": "CVE-2021-44009" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T13:23:30.857000", "db": "NVD", "id": "CVE-2021-44009" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1200" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1200" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Jt2go Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1200" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1200" } ], "trust": 0.6 } }
var-202107-1401
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13342 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "NVD", "id": "CVE-2021-34306" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34306" } ] }, "credits": { "_id": null, "data": "Brian Gorenc of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "CNNVD", "id": "CNNVD-202107-885" } ], "trust": 1.3 }, "cve": "CVE-2021-34306", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34306", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34306", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34306", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34306", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34306", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-885", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34306", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "VULMON", "id": "CVE-2021-34306" }, { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "NVD", "id": "CVE-2021-34306" }, { "db": "CNNVD", "id": "CNNVD-202107-885" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13342 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2021-34306" }, { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "VULMON", "id": "CVE-2021-34306" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34306", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-835", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009332", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13342", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-885", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34306", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "VULMON", "id": "CVE-2021-34306" }, { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "NVD", "id": "CVE-2021-34306" }, { "db": "CNNVD", "id": "CNNVD-202107-885" } ] }, "id": "VAR-202107-1401", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:03:32.217000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156578" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34306 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "VULMON", "id": "CVE-2021-34306" }, { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "CNNVD", "id": "CNNVD-202107-885" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "NVD", "id": "CVE-2021-34306" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-835/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34306" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34306" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-835" }, { "db": "VULMON", "id": "CVE-2021-34306" }, { "db": "JVNDB", "id": "JVNDB-2021-009332" }, { "db": "NVD", "id": "CVE-2021-34306" }, { "db": "CNNVD", "id": "CNNVD-202107-885" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-835", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34306", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009332", "ident": null }, { "db": "NVD", "id": "CVE-2021-34306", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-885", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-835", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34306", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009332", "ident": null }, { "date": "2021-07-13T11:15:11.363000", "db": "NVD", "id": "CVE-2021-34306", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-885", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-835", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34306", "ident": null }, { "date": "2022-04-20T08:53:00", "db": "JVNDB", "id": "JVNDB-2021-009332", "ident": null }, { "date": "2022-10-07T20:47:54.337000", "db": "NVD", "id": "CVE-2021-34306", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-885", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-885" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009332" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-885" } ], "trust": 0.6 } }
var-202107-1421
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422). Zero Day Initiative To this vulnerability ZDI-CAN-13422 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "NVD", "id": "CVE-2021-34326" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "se2021", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34326" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "CNNVD", "id": "CNNVD-202107-923" } ], "trust": 1.3 }, "cve": "CVE-2021-34326", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34326", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34326", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34326", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34326", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34326", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-923", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34326", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "VULMON", "id": "CVE-2021-34326" }, { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "CNNVD", "id": "CNNVD-202107-923" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-34326" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422). Zero Day Initiative To this vulnerability ZDI-CAN-13422 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34326" }, { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34326" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34326", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-864", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-173615", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009279", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13422", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.2403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-923", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34326", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "VULMON", "id": "CVE-2021-34326" }, { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "CNNVD", "id": "CNNVD-202107-923" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-34326" } ] }, "id": "VAR-202107-1421", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-04-26T10:58:15.919000Z", "patch": { "_id": null, "data": [ { "title": "SSA-173615 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156616" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e172da356a059f9e1b4ef7215ce64ef1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "VULMON", "id": "CVE-2021-34326" }, { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "CNNVD", "id": "CNNVD-202107-923" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "NVD", "id": "CVE-2021-34326" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-864/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34326" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2403" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-864" }, { "db": "VULMON", "id": "CVE-2021-34326" }, { "db": "JVNDB", "id": "JVNDB-2021-009279" }, { "db": "CNNVD", "id": "CNNVD-202107-923" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-34326" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-864", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34326", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009279", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-923", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "NVD", "id": "CVE-2021-34326", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-864", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34326", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009279", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-923", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-07-13T11:15:12.927000", "db": "NVD", "id": "CVE-2021-34326", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-864", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34326", "ident": null }, { "date": "2024-04-11T05:59:00", "db": "JVNDB", "id": "JVNDB-2021-009279", "ident": null }, { "date": "2022-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-923", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2022-10-27T12:23:58.637000", "db": "NVD", "id": "CVE-2021-34326", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-923" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009279" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-923" } ], "trust": 0.6 } }
var-202309-0578
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0578", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2201.0" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" }, { "db": "NVD", "id": "CVE-2023-38074" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" } ], "trust": 0.7 }, "cve": "CVE-2023-38074", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38074", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38074", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-38074", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2023-38074", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" }, { "db": "NVD", "id": "CVE-2023-38074" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition", "sources": [ { "db": "NVD", "id": "CVE-2023-38074" }, { "db": "ZDI", "id": "ZDI-23-1628" }, { "db": "VULMON", "id": "CVE-2023-38074" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38074", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-20840", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1628", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38074", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" }, { "db": "VULMON", "id": "CVE-2023-38074" }, { "db": "NVD", "id": "CVE-2023-38074" } ] }, "id": "VAR-202309-0578", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T13:13:44.233000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38074" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/843.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" }, { "db": "VULMON", "id": "CVE-2023-38074" }, { "db": "NVD", "id": "CVE-2023-38074" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1628" }, { "db": "VULMON", "id": "CVE-2023-38074" }, { "db": "NVD", "id": "CVE-2023-38074" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1628" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38074" }, { "date": "2023-09-12T10:15:28.367000", "db": "NVD", "id": "CVE-2023-38074" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1628" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38074" }, { "date": "2024-01-25T02:21:12.227000", "db": "NVD", "id": "CVE-2023-38074" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Tecnomatix Plant Simulation WRL File Parsing Type Confusion Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-1628" } ], "trust": 0.7 } }
var-202101-0346
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11986 and ZDI-CAN-11994 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of RGB and SGI files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" }, { "db": "CNVD", "id": "CNVD-2021-02586" }, { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "NVD", "id": "CVE-2020-26985" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" } ], "trust": 1.4 }, "cve": "CVE-2020-26985", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26985", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02586", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26985", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26985", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26985", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-26985", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-26985", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26985", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-02586", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-854", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" }, { "db": "CNVD", "id": "CNVD-2021-02586" }, { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "CNNVD", "id": "CNNVD-202101-854" }, { "db": "NVD", "id": "CVE-2020-26985" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-11986 and ZDI-CAN-11994 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of RGB and SGI files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26985" }, { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" }, { "db": "CNVD", "id": "CNVD-2021-02586" } ], "trust": 3.42 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26985", "trust": 4.4 }, { "db": "ZDI", "id": "ZDI-21-058", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-056", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015267", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11986", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11994", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02586", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-854", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" }, { "db": "CNVD", "id": "CNVD-2021-02586" }, { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "CNNVD", "id": "CNNVD-202101-854" }, { "db": "NVD", "id": "CVE-2020-26985" } ] }, "id": "VAR-202101-0346", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02586" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02586" } ] }, "last_update_date": "2024-11-23T19:46:23.400000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Patch for JT2Go and Teamcenter Visualization heap buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243994" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139365" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" }, { "db": "CNVD", "id": "CNVD-2021-02586" }, { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "CNNVD", "id": "CNNVD-202101-854" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "NVD", "id": "CVE-2020-26985" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-056/" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-058/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26985" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" }, { "db": "CNVD", "id": "CNVD-2021-02586" }, { "db": "JVNDB", "id": "JVNDB-2020-015267" }, { "db": "CNNVD", "id": "CNNVD-202101-854" }, { "db": "NVD", "id": "CVE-2020-26985" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-058", "ident": null }, { "db": "ZDI", "id": "ZDI-21-056", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02586", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015267", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-854", "ident": null }, { "db": "NVD", "id": "CVE-2020-26985", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-058", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-056", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02586", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015267", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-854", "ident": null }, { "date": "2021-01-12T21:15:16.933000", "db": "NVD", "id": "CVE-2020-26985", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-058", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-056", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02586", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015267", "ident": null }, { "date": "2021-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-854", "ident": null }, { "date": "2024-11-21T05:20:37.743000", "db": "NVD", "id": "CVE-2020-26985", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-854" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-058" }, { "db": "ZDI", "id": "ZDI-21-056" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-854" } ], "trust": 0.6 } }
var-202107-1424
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427). Zero Day Initiative To this vulnerability ZDI-CAN-13427 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-867" }, { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "NVD", "id": "CVE-2021-34329" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "se2021", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34329" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-867" } ], "trust": 0.7 }, "cve": "CVE-2021-34329", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34329", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34329", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34329", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34329", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34329", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-925", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34329", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-867" }, { "db": "VULMON", "id": "CVE-2021-34329" }, { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "NVD", "id": "CVE-2021-34329" }, { "db": "CNNVD", "id": "CNNVD-202107-925" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427). Zero Day Initiative To this vulnerability ZDI-CAN-13427 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34329" }, { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "ZDI", "id": "ZDI-21-867" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34329" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34329", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-867", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-173615", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009276", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13427", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.2403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-925", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34329", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-867" }, { "db": "VULMON", "id": "CVE-2021-34329" }, { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "NVD", "id": "CVE-2021-34329" }, { "db": "CNNVD", "id": "CNNVD-202107-925" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1424", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:37:14.093000Z", "patch": { "_id": null, "data": [ { "title": "SSA-173615 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156618" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e172da356a059f9e1b4ef7215ce64ef1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34329 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-867" }, { "db": "VULMON", "id": "CVE-2021-34329" }, { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "CNNVD", "id": "CNNVD-202107-925" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "NVD", "id": "CVE-2021-34329" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-867/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34329" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2403" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34329" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-867" }, { "db": "VULMON", "id": "CVE-2021-34329" }, { "db": "JVNDB", "id": "JVNDB-2021-009276" }, { "db": "NVD", "id": "CVE-2021-34329" }, { "db": "CNNVD", "id": "CNNVD-202107-925" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-867", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34329", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009276", "ident": null }, { "db": "NVD", "id": "CVE-2021-34329", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-925", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-867", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34329", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009276", "ident": null }, { "date": "2021-07-13T11:15:13.173000", "db": "NVD", "id": "CVE-2021-34329", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-925", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-867", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34329", "ident": null }, { "date": "2022-04-19T09:26:00", "db": "JVNDB", "id": "JVNDB-2021-009276", "ident": null }, { "date": "2022-10-07T20:47:19.807000", "db": "NVD", "id": "CVE-2021-34329", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-925", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-925" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009276" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-925" } ], "trust": 0.6 } }
var-202212-1166
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1166", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "db": "NVD", "id": "CVE-2022-41284" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41284" } ] }, "cve": "CVE-2022-41284", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023187", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41284", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41284", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023187", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3108", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "db": "NVD", "id": "CVE-2022-41284" }, { "db": "NVD", "id": "CVE-2022-41284" }, { "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41284" }, { "db": "JVNDB", "id": "JVNDB-2022-023187" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41284", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023187", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3108", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "db": "NVD", "id": "CVE-2022-41284" }, { "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "id": "VAR-202212-1166", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:48:26.006000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217846" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "db": "NVD", "id": "CVE-2022-41284" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41284" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41284/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "db": "NVD", "id": "CVE-2022-41284" }, { "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "db": "NVD", "id": "CVE-2022-41284" }, { "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "date": "2022-12-13T16:15:22.783000", "db": "NVD", "id": "CVE-2022-41284" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:19:00", "db": "JVNDB", "id": "JVNDB-2022-023187" }, { "date": "2023-04-11T10:15:17.023000", "db": "NVD", "id": "CVE-2022-41284" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3108" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3108" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023187" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3108" } ], "trust": 0.6 } }
var-202212-1165
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1165", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "db": "NVD", "id": "CVE-2022-41286" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41286" } ] }, "cve": "CVE-2022-41286", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023184", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41286", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41286", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023184", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3104", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "db": "NVD", "id": "CVE-2022-41286" }, { "db": "NVD", "id": "CVE-2022-41286" }, { "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41286" }, { "db": "JVNDB", "id": "JVNDB-2022-023184" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41286", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023184", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3104", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "db": "NVD", "id": "CVE-2022-41286" }, { "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "id": "VAR-202212-1165", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:19:48.623000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217843" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "db": "NVD", "id": "CVE-2022-41286" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41286" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41286/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "db": "NVD", "id": "CVE-2022-41286" }, { "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "db": "NVD", "id": "CVE-2022-41286" }, { "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "date": "2022-12-13T16:15:22.973000", "db": "NVD", "id": "CVE-2022-41286" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:17:00", "db": "JVNDB", "id": "JVNDB-2022-023184" }, { "date": "2023-04-11T10:15:17.183000", "db": "NVD", "id": "CVE-2022-41286" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3104" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3104" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023184" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3104" } ], "trust": 0.6 } }
var-202112-0796
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0796", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "NVD", "id": "CVE-2021-44013" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44013" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "CNNVD", "id": "CNNVD-202112-1204" } ], "trust": 1.3 }, "cve": "CVE-2021-44013", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-44013", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44013", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44013", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-44013", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-1204", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44013", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "VULMON", "id": "CVE-2021-44013" }, { "db": "NVD", "id": "CVE-2021-44013" }, { "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files", "sources": [ { "db": "NVD", "id": "CVE-2021-44013" }, { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "VULMON", "id": "CVE-2021-44013" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44013", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-22-009", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15103", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1204", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44013", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "VULMON", "id": "CVE-2021-44013" }, { "db": "NVD", "id": "CVE-2021-44013" }, { "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "id": "VAR-202112-0796", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:24:10.994000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174919" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "VULMON", "id": "CVE-2021-44013" }, { "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44013" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-009/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "VULMON", "id": "CVE-2021-44013" }, { "db": "NVD", "id": "CVE-2021-44013" }, { "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-009" }, { "db": "VULMON", "id": "CVE-2021-44013" }, { "db": "NVD", "id": "CVE-2021-44013" }, { "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-009" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44013" }, { "date": "2021-12-14T12:15:10.720000", "db": "NVD", "id": "CVE-2021-44013" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-009" }, { "date": "2022-01-06T00:00:00", "db": "VULMON", "id": "CVE-2021-44013" }, { "date": "2022-03-30T13:15:06.467000", "db": "NVD", "id": "CVE-2021-44013" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1204" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1204" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-009" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1204" } ], "trust": 0.6 } }
var-202112-0477
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGM files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "NVD", "id": "CVE-2021-44015" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44015" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "CNNVD", "id": "CNNVD-202112-1206" } ], "trust": 1.3 }, "cve": "CVE-2021-44015", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-44015", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-44015", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44015", "trust": 1.0, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-44015", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202112-1206", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-44015", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "VULMON", "id": "CVE-2021-44015" }, { "db": "CNNVD", "id": "CNNVD-202112-1206" }, { "db": "NVD", "id": "CVE-2021-44015" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGM files", "sources": [ { "db": "NVD", "id": "CVE-2021-44015" }, { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "VULMON", "id": "CVE-2021-44015" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44015", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-22-010", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15109", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1206", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44015", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "VULMON", "id": "CVE-2021-44015" }, { "db": "CNNVD", "id": "CNNVD-202112-1206" }, { "db": "NVD", "id": "CVE-2021-44015" } ] }, "id": "VAR-202112-0477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-13T00:53:33.673000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174921" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "CNNVD", "id": "CNNVD-202112-1206" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44015" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-010/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "VULMON", "id": "CVE-2021-44015" }, { "db": "CNNVD", "id": "CNNVD-202112-1206" }, { "db": "NVD", "id": "CVE-2021-44015" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-010" }, { "db": "VULMON", "id": "CVE-2021-44015" }, { "db": "CNNVD", "id": "CNNVD-202112-1206" }, { "db": "NVD", "id": "CVE-2021-44015" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-010" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44015" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1206" }, { "date": "2021-12-14T12:15:10.823000", "db": "NVD", "id": "CVE-2021-44015" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-010" }, { "date": "2022-03-30T00:00:00", "db": "VULMON", "id": "CVE-2021-44015" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1206" }, { "date": "2022-03-30T13:04:54.240000", "db": "NVD", "id": "CVE-2021-44015" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1206" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go CGM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-010" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1206" } ], "trust": 0.6 } }
var-202112-0808
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0808", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "NVD", "id": "CVE-2021-44001" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44001" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "CNNVD", "id": "CNNVD-202112-1192" } ], "trust": 1.3 }, "cve": "CVE-2021-44001", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-44001", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44001", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44001", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-44001", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-1192", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44001", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "VULMON", "id": "CVE-2021-44001" }, { "db": "NVD", "id": "CVE-2021-44001" }, { "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PDF files", "sources": [ { "db": "NVD", "id": "CVE-2021-44001" }, { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "VULMON", "id": "CVE-2021-44001" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44001", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-22-004", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-14974", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1192", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44001", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "VULMON", "id": "CVE-2021-44001" }, { "db": "NVD", "id": "CVE-2021-44001" }, { "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "id": "VAR-202112-0808", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:37:21.530000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175051" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=39139dcd04f2a523ea449623583b65af" }, { "title": "", "trust": 0.1, "url": "https://github.com/0xcybery/cve-t4pdf " } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "VULMON", "id": "CVE-2021-44001" }, { "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44001" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-004/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44001" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "VULMON", "id": "CVE-2021-44001" }, { "db": "NVD", "id": "CVE-2021-44001" }, { "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-004" }, { "db": "VULMON", "id": "CVE-2021-44001" }, { "db": "NVD", "id": "CVE-2021-44001" }, { "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-06T00:00:00", "db": "ZDI", "id": "ZDI-22-004" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-44001" }, { "date": "2021-12-14T12:15:10.090000", "db": "NVD", "id": "CVE-2021-44001" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-09T00:00:00", "db": "ZDI", "id": "ZDI-22-004" }, { "date": "2022-03-30T00:00:00", "db": "VULMON", "id": "CVE-2021-44001" }, { "date": "2022-03-30T13:20:02.493000", "db": "NVD", "id": "CVE-2021-44001" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1192" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1192" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-004" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1192" } ], "trust": 0.6 } }
var-202207-0944
Vulnerability from variot
The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens Datalogics File Parsing Vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0944", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-2069" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.2", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.5", "versionStartIncluding": "13.3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-2069" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1226" } ], "trust": 0.6 }, "cve": "CVE-2022-2069", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-2069", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-2069", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-1226", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-2069" }, { "db": "NVD", "id": "CVE-2022-2069" }, { "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. Siemens Datalogics File Parsing Vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2022-2069" }, { "db": "VULMON", "id": "CVE-2022-2069" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-22-195-07", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2022-2069", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-829738", "trust": 1.6 }, { "db": "CS-HELP", "id": "SB2022071337", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-1226", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-2069", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-2069" }, { "db": "NVD", "id": "CVE-2022-2069" }, { "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "id": "VAR-202207-0944", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T14:03:51.833000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=211645" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-2069" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-2069/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071337" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-2069" }, { "db": "NVD", "id": "CVE-2022-2069" }, { "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-2069" }, { "db": "NVD", "id": "CVE-2022-2069" }, { "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-20T17:15:09.937000", "db": "NVD", "id": "CVE-2022-2069" }, { "date": "2022-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-21T19:05:52.447000", "db": "NVD", "id": "CVE-2022-2069" }, { "date": "2022-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-1226" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1226" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Teamcenter Visualization Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1226" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-1226" } ], "trust": 0.6 } }
var-202106-0972
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-13131 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.3" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.3" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.3" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-694" }, { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "NVD", "id": "CVE-2021-27390" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-27390" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-694" } ], "trust": 0.7 }, "cve": "CVE-2021-27390", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-27390", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-27390", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-27390", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-27390", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-27390", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-532", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-27390", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-694" }, { "db": "VULMON", "id": "CVE-2021-27390" }, { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "NVD", "id": "CVE-2021-27390" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-532" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.3), Teamcenter Visualization (All versions \u003c V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-13131 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-27390" }, { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "ZDI", "id": "ZDI-21-694" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-27390" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-27390", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-694", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-645530", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-159-14", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-008127", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13131", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061007", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-532", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-27390", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-694" }, { "db": "VULMON", "id": "CVE-2021-27390" }, { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "NVD", "id": "CVE-2021-27390" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-532" } ] }, "id": "VAR-202106-0972", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:20:25.636000Z", "patch": { "_id": null, "data": [ { "title": "SSA-645530", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "title": "", "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27390https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153712" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=44cc30c2f346a7b347892b8bbde90bcc" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-694" }, { "db": "VULMON", "id": "CVE-2021-27390" }, { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "CNNVD", "id": "CNNVD-202106-532" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "NVD", "id": "CVE-2021-27390" } ] }, "references": { "_id": null, "data": [ { "trust": 2.0, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-694/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27390" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-159-14" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27390https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061007" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-14" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-645530.txt" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-694" }, { "db": "VULMON", "id": "CVE-2021-27390" }, { "db": "JVNDB", "id": "JVNDB-2021-008127" }, { "db": "NVD", "id": "CVE-2021-27390" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-532" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-694", "ident": null }, { "db": "VULMON", "id": "CVE-2021-27390", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-008127", "ident": null }, { "db": "NVD", "id": "CVE-2021-27390", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-532", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-06-17T00:00:00", "db": "ZDI", "id": "ZDI-21-694", "ident": null }, { "date": "2021-06-08T00:00:00", "db": "VULMON", "id": "CVE-2021-27390", "ident": null }, { "date": "2022-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-008127", "ident": null }, { "date": "2021-06-08T20:15:08.710000", "db": "NVD", "id": "CVE-2021-27390", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-532", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-06-17T00:00:00", "db": "ZDI", "id": "ZDI-21-694", "ident": null }, { "date": "2021-06-21T00:00:00", "db": "VULMON", "id": "CVE-2021-27390", "ident": null }, { "date": "2022-03-04T07:19:00", "db": "JVNDB", "id": "JVNDB-2021-008127", "ident": null }, { "date": "2021-06-21T22:50:02.887000", "db": "NVD", "id": "CVE-2021-27390", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-532", "ident": null } ] }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008127" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202107-1404
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13350 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-838" }, { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "NVD", "id": "CVE-2021-34309" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34309" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-838" } ], "trust": 0.7 }, "cve": "CVE-2021-34309", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34309", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34309", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34309", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34309", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34309", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-884", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34309", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-838" }, { "db": "VULMON", "id": "CVE-2021-34309" }, { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "NVD", "id": "CVE-2021-34309" }, { "db": "CNNVD", "id": "CNNVD-202107-884" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13350 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34309" }, { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "ZDI", "id": "ZDI-21-838" }, { "db": "VULMON", "id": "CVE-2021-34309" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34309", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-838", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009330", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13350", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-884", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34309", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-838" }, { "db": "VULMON", "id": "CVE-2021-34309" }, { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "NVD", "id": "CVE-2021-34309" }, { "db": "CNNVD", "id": "CNNVD-202107-884" } ] }, "id": "VAR-202107-1404", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:51:39.187000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156577" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-838" }, { "db": "VULMON", "id": "CVE-2021-34309" }, { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "CNNVD", "id": "CNNVD-202107-884" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "NVD", "id": "CVE-2021-34309" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-838/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34309" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-838" }, { "db": "VULMON", "id": "CVE-2021-34309" }, { "db": "JVNDB", "id": "JVNDB-2021-009330" }, { "db": "NVD", "id": "CVE-2021-34309" }, { "db": "CNNVD", "id": "CNNVD-202107-884" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-838", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34309", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009330", "ident": null }, { "db": "NVD", "id": "CVE-2021-34309", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-884", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-838", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34309", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009330", "ident": null }, { "date": "2021-07-13T11:15:11.587000", "db": "NVD", "id": "CVE-2021-34309", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-884", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-838", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34309", "ident": null }, { "date": "2022-04-20T08:51:00", "db": "JVNDB", "id": "JVNDB-2021-009330", "ident": null }, { "date": "2021-07-27T15:25:10.160000", "db": "NVD", "id": "CVE-2021-34309", "ident": null }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-884", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-884" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009330" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-884" } ], "trust": 0.6 } }
var-202309-0574
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0574", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2201.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.4.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.1" }, { "model": "tecnomatix plant simulation", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2302.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2201.0010" }, { "model": "tecnomatix plant simulation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2302.0004" }, { "model": "tecnomatix plant simulation", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" }, { "db": "NVD", "id": "CVE-2023-38073" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" } ], "trust": 0.7 }, "cve": "CVE-2023-38073", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38073", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-38073", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-38073", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2023-38073", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" }, { "db": "NVD", "id": "CVE-2023-38073" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition", "sources": [ { "db": "NVD", "id": "CVE-2023-38073" }, { "db": "ZDI", "id": "ZDI-23-1629" }, { "db": "VULMON", "id": "CVE-2023-38073" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38073", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-278349", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-478780", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-20826", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-1629", "trust": 0.7 }, { "db": "VULMON", "id": "CVE-2023-38073", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" }, { "db": "VULMON", "id": "CVE-2023-38073" }, { "db": "NVD", "id": "CVE-2023-38073" } ] }, "id": "VAR-202309-0574", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2690208 }, "last_update_date": "2024-08-14T12:32:48.971000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38073" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/843.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" }, { "db": "VULMON", "id": "CVE-2023-38073" }, { "db": "NVD", "id": "CVE-2023-38073" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-1629" }, { "db": "VULMON", "id": "CVE-2023-38073" }, { "db": "NVD", "id": "CVE-2023-38073" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1629" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38073" }, { "date": "2023-09-12T10:15:28.113000", "db": "NVD", "id": "CVE-2023-38073" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-14T00:00:00", "db": "ZDI", "id": "ZDI-23-1629" }, { "date": "2023-09-12T00:00:00", "db": "VULMON", "id": "CVE-2023-38073" }, { "date": "2024-02-16T15:06:11.690000", "db": "NVD", "id": "CVE-2023-38073" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Tecnomatix Plant Simulation WRL File Parsing Type Confusion Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-1629" } ], "trust": 0.7 } }
var-202112-0799
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0799", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44010" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44010" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro\u2019s Zero Day Initiative and Jin Huang from ADLab reported these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1201" } ], "trust": 0.6 }, "cve": "CVE-2021-44010", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44010", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1201", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44010" }, { "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.", "sources": [ { "db": "NVD", "id": "CVE-2021-44010" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-595101", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-44010", "trust": 1.6 }, { "db": "CS-HELP", "id": "SB2022010614", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4300", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1201", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44010" }, { "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "id": "VAR-202112-0799", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:27:24.638000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Jt2go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174916" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44010" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4300" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010614" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44010" }, { "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-44010" }, { "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-14T12:15:10.563000", "db": "NVD", "id": "CVE-2021-44010" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T13:23:02.493000", "db": "NVD", "id": "CVE-2021-44010" }, { "date": "2022-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1201" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1201" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Jt2go Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1201" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1201" } ], "trust": 0.6 } }
var-202101-0342
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890). JT2Go and Teamcenter Visualization Has XML An external entity vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11890 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLMXML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-048" }, { "db": "CNVD", "id": "CNVD-2021-02590" }, { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "NVD", "id": "CVE-2020-26981" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-048" } ], "trust": 0.7 }, "cve": "CVE-2020-26981", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26981", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02590", "impactScore": 7.8, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26981", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26981", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26981", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26981", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-26981", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2020-26981", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-02590", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-923", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-048" }, { "db": "CNVD", "id": "CNVD-2021-02590" }, { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "CNNVD", "id": "CNNVD-202101-923" }, { "db": "NVD", "id": "CVE-2020-26981" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890). JT2Go and Teamcenter Visualization Has XML An external entity vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11890 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLMXML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26981" }, { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "ZDI", "id": "ZDI-21-048" }, { "db": "CNVD", "id": "CNVD-2021-02590" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26981", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-048", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015263", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11890", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02590", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-923", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-048" }, { "db": "CNVD", "id": "CNVD-2021-02590" }, { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "CNNVD", "id": "CNNVD-202101-923" }, { "db": "NVD", "id": "CVE-2020-26981" } ] }, "id": "VAR-202101-0342", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02590" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02590" } ] }, "last_update_date": "2024-11-23T21:02:57.121000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for JT2Go and Teamcenter VisualizationXML External Entity Reference Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/244006" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138851" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-048" }, { "db": "CNVD", "id": "CNVD-2021-02590" }, { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "CNNVD", "id": "CNNVD-202101-923" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-611", "trust": 1.0 }, { "problemtype": "XML Improper restrictions on external entity references (CWE-611) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "NVD", "id": "CVE-2020-26981" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-048/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26981" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-048" }, { "db": "CNVD", "id": "CNVD-2021-02590" }, { "db": "JVNDB", "id": "JVNDB-2020-015263" }, { "db": "CNNVD", "id": "CNNVD-202101-923" }, { "db": "NVD", "id": "CVE-2020-26981" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-048", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02590", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015263", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-923", "ident": null }, { "db": "NVD", "id": "CVE-2020-26981", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-048", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02590", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015263", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-923", "ident": null }, { "date": "2021-01-12T21:15:16.683000", "db": "NVD", "id": "CVE-2020-26981", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-048", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02590", "ident": null }, { "date": "2021-09-15T08:33:00", "db": "JVNDB", "id": "JVNDB-2020-015263", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-923", "ident": null }, { "date": "2024-11-21T05:20:37.307000", "db": "NVD", "id": "CVE-2020-26981", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-923" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015263" } ], "trust": 0.8 }, "type": { "_id": null, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-923" } ], "trust": 0.6 } }
var-202107-1378
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023. JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13023 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-851" }, { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "NVD", "id": "CVE-2021-34294" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34294" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-851" } ], "trust": 0.7 }, "cve": "CVE-2021-34294", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34294", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34294", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34294", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34294", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34294", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-864", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34294", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-851" }, { "db": "VULMON", "id": "CVE-2021-34294" }, { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "NVD", "id": "CVE-2021-34294" }, { "db": "CNNVD", "id": "CNNVD-202107-864" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023. JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13023 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34294" }, { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "ZDI", "id": "ZDI-21-851" }, { "db": "VULMON", "id": "CVE-2021-34294" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34294", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-851", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009345", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13023", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-864", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34294", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-851" }, { "db": "VULMON", "id": "CVE-2021-34294" }, { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "NVD", "id": "CVE-2021-34294" }, { "db": "CNNVD", "id": "CNNVD-202107-864" } ] }, "id": "VAR-202107-1378", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:55:45.787000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156557" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-851" }, { "db": "VULMON", "id": "CVE-2021-34294" }, { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "CNNVD", "id": "CNNVD-202107-864" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "NVD", "id": "CVE-2021-34294" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-851/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34294" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-851" }, { "db": "VULMON", "id": "CVE-2021-34294" }, { "db": "JVNDB", "id": "JVNDB-2021-009345" }, { "db": "NVD", "id": "CVE-2021-34294" }, { "db": "CNNVD", "id": "CNNVD-202107-864" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-851", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34294", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009345", "ident": null }, { "db": "NVD", "id": "CVE-2021-34294", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-864", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-851", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34294", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009345", "ident": null }, { "date": "2021-07-13T11:15:10.463000", "db": "NVD", "id": "CVE-2021-34294", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-864", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-851", "ident": null }, { "date": "2021-07-27T00:00:00", "db": "VULMON", "id": "CVE-2021-34294", "ident": null }, { "date": "2022-04-20T09:06:00", "db": "JVNDB", "id": "JVNDB-2021-009345", "ident": null }, { "date": "2021-07-27T16:23:58.063000", "db": "NVD", "id": "CVE-2021-34294", "ident": null }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-864", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-864" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009345" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-864" } ], "trust": 0.6 } }
var-202107-1405
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13351 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-839" }, { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "NVD", "id": "CVE-2021-34310" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34310" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-839" } ], "trust": 0.7 }, "cve": "CVE-2021-34310", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34310", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34310", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34310", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34310", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34310", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-887", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34310", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-839" }, { "db": "VULMON", "id": "CVE-2021-34310" }, { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "NVD", "id": "CVE-2021-34310" }, { "db": "CNNVD", "id": "CNNVD-202107-887" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13351 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34310" }, { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "ZDI", "id": "ZDI-21-839" }, { "db": "VULMON", "id": "CVE-2021-34310" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34310", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-839", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009327", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13351", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-887", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34310", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-839" }, { "db": "VULMON", "id": "CVE-2021-34310" }, { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "NVD", "id": "CVE-2021-34310" }, { "db": "CNNVD", "id": "CNNVD-202107-887" } ] }, "id": "VAR-202107-1405", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:39:54.506000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156580" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-839" }, { "db": "VULMON", "id": "CVE-2021-34310" }, { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "CNNVD", "id": "CNNVD-202107-887" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "NVD", "id": "CVE-2021-34310" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-839/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34310" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-839" }, { "db": "VULMON", "id": "CVE-2021-34310" }, { "db": "JVNDB", "id": "JVNDB-2021-009327" }, { "db": "NVD", "id": "CVE-2021-34310" }, { "db": "CNNVD", "id": "CNNVD-202107-887" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-839", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34310", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009327", "ident": null }, { "db": "NVD", "id": "CVE-2021-34310", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-887", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-839", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34310", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009327", "ident": null }, { "date": "2021-07-13T11:15:11.673000", "db": "NVD", "id": "CVE-2021-34310", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-887", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-839", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34310", "ident": null }, { "date": "2022-04-20T08:39:00", "db": "JVNDB", "id": "JVNDB-2021-009327", "ident": null }, { "date": "2021-07-27T15:24:22.687000", "db": "NVD", "id": "CVE-2021-34310", "ident": null }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-887", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-887" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009327" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-887" } ], "trust": 0.6 } }
var-202107-1380
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13057 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-831" }, { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "NVD", "id": "CVE-2021-34296" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34296" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-831" } ], "trust": 0.7 }, "cve": "CVE-2021-34296", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34296", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34296", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34296", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34296", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34296", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-868", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34296", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-831" }, { "db": "VULMON", "id": "CVE-2021-34296" }, { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "NVD", "id": "CVE-2021-34296" }, { "db": "CNNVD", "id": "CNNVD-202107-868" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057). JT2Go and Teamcenter Visualization There are input validation and out-of-bounds read vulnerabilities. Zero Day Initiative To this vulnerability ZDI-CAN-13057 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files", "sources": [ { "db": "NVD", "id": "CVE-2021-34296" }, { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "ZDI", "id": "ZDI-21-831" }, { "db": "VULMON", "id": "CVE-2021-34296" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34296", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-831", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009343", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13057", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-868", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34296", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-831" }, { "db": "VULMON", "id": "CVE-2021-34296" }, { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "NVD", "id": "CVE-2021-34296" }, { "db": "CNNVD", "id": "CNNVD-202107-868" } ] }, "id": "VAR-202107-1380", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:20:52.093000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156561" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-831" }, { "db": "VULMON", "id": "CVE-2021-34296" }, { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "CNNVD", "id": "CNNVD-202107-868" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "NVD", "id": "CVE-2021-34296" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-831/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34296" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-831" }, { "db": "VULMON", "id": "CVE-2021-34296" }, { "db": "JVNDB", "id": "JVNDB-2021-009343" }, { "db": "NVD", "id": "CVE-2021-34296" }, { "db": "CNNVD", "id": "CNNVD-202107-868" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-831", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34296", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009343", "ident": null }, { "db": "NVD", "id": "CVE-2021-34296", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-868", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-831", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34296", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009343", "ident": null }, { "date": "2021-07-13T11:15:10.603000", "db": "NVD", "id": "CVE-2021-34296", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-868", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-831", "ident": null }, { "date": "2021-07-27T00:00:00", "db": "VULMON", "id": "CVE-2021-34296", "ident": null }, { "date": "2022-04-20T09:05:00", "db": "JVNDB", "id": "JVNDB-2021-009343", "ident": null }, { "date": "2021-07-27T14:20:25.217000", "db": "NVD", "id": "CVE-2021-34296", "ident": null }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-868", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-868" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009343" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-868" } ], "trust": 0.6 } }
var-202306-0901
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0901", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.10" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.13" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.8" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "NVD", "id": "CVE-2023-33124" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.13", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.10", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.8", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-33124" } ] }, "cve": "CVE-2023-33124", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-33124", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-33124", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-33124", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202306-879", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "NVD", "id": "CVE-2023-33124" }, { "db": "NVD", "id": "CVE-2023-33124" }, { "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-33124" }, { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "VULMON", "id": "CVE-2023-33124" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-33124", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-538795", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-23-166-14", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99464755", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-008587", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202306-879", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-33124", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33124" }, { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "NVD", "id": "CVE-2023-33124" }, { "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "id": "VAR-202306-0901", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:59:41.973000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242503" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "NVD", "id": "CVE-2023-33124" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99464755/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-33124" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-33124/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33124" }, { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "NVD", "id": "CVE-2023-33124" }, { "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-33124" }, { "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "db": "NVD", "id": "CVE-2023-33124" }, { "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33124" }, { "date": "2023-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "date": "2023-06-13T09:15:18.500000", "db": "NVD", "id": "CVE-2023-33124" }, { "date": "2023-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33124" }, { "date": "2023-12-01T08:15:00", "db": "JVNDB", "id": "JVNDB-2023-008587" }, { "date": "2023-06-21T20:40:11.047000", "db": "NVD", "id": "CVE-2023-33124" }, { "date": "2023-06-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-879" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-879" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008587" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-879" } ], "trust": 0.6 } }
var-202212-1171
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1171", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "db": "NVD", "id": "CVE-2022-41279" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41279" } ] }, "cve": "CVE-2022-41279", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-023193", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41279", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-41279", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-023193", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-202212-3113", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "db": "NVD", "id": "CVE-2022-41279" }, { "db": "NVD", "id": "CVE-2022-41279" }, { "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41279" }, { "db": "JVNDB", "id": "JVNDB-2022-023193" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41279", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023193", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3113", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "db": "NVD", "id": "CVE-2022-41279" }, { "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "id": "VAR-202212-1171", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:42:21.939000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228956" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "db": "NVD", "id": "CVE-2022-41279" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41279" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41279/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "db": "NVD", "id": "CVE-2022-41279" }, { "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "db": "NVD", "id": "CVE-2022-41279" }, { "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "date": "2022-12-13T16:15:22.193000", "db": "NVD", "id": "CVE-2022-41279" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:23:00", "db": "JVNDB", "id": "JVNDB-2022-023193" }, { "date": "2023-04-11T10:15:16.687000", "db": "NVD", "id": "CVE-2022-41279" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3113" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3113" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023193" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3113" } ], "trust": 0.6 } }
var-202304-1229
Vulnerability from variot
Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an malicious user to execute code in the context of the current process
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-1229", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.7" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.5" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.13" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.9" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-1709" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.13", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.9", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.5", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.7", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.2", "versionStartIncluding": "14.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-1709" } ] }, "cve": "CVE-2023-1709", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-1709", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2023-1709", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-1222", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-1709" }, { "db": "NVD", "id": "CVE-2023-1709" }, { "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\nDatalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. The APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an malicious user to execute \ncode in the context of the current process", "sources": [ { "db": "NVD", "id": "CVE-2023-1709" }, { "db": "VULMON", "id": "CVE-2023-1709" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-23-103-11", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-629917", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2023-1709", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-23-164-01", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2023.2160", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-1222", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-1709", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-1709" }, { "db": "NVD", "id": "CVE-2023-1709" }, { "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "id": "VAR-202304-1229", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T12:33:50.588000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240818" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-1709" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html" }, { "trust": 1.7, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11" }, { "trust": 1.6, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2160" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-1709/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/121.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-1709" }, { "db": "NVD", "id": "CVE-2023-1709" }, { "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-1709" }, { "db": "NVD", "id": "CVE-2023-1709" }, { "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-1709" }, { "date": "2023-06-07T21:15:12.933000", "db": "NVD", "id": "CVE-2023-1709" }, { "date": "2023-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-1709" }, { "date": "2023-11-07T04:04:41.863000", "db": "NVD", "id": "CVE-2023-1709" }, { "date": "2023-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1222" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1222" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Teamcenter Visualization Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1222" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1222" } ], "trust": 0.6 } }
var-202205-0951
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0951", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29033" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.1", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29033" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3131" } ], "trust": 0.6 }, "cve": "CVE-2022-29033", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29033", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202205-3131", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29033" }, { "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2022-29033" }, { "db": "VULMON", "id": "CVE-2022-29033" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29033", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-553086", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-132-09", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2350", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-3131", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29033", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29033" }, { "db": "NVD", "id": "CVE-2022-29033" }, { "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "id": "VAR-202205-0951", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:56:05.418000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192514" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-824", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29033" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29033/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2350" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051211" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29033" }, { "db": "NVD", "id": "CVE-2022-29033" }, { "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29033" }, { "db": "NVD", "id": "CVE-2022-29033" }, { "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T13:15:15.790000", "db": "NVD", "id": "CVE-2022-29033" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-26T22:43:22.600000", "db": "NVD", "id": "CVE-2022-29033" }, { "date": "2022-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3131" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3131" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3131" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3131" } ], "trust": 0.6 } }
var-202107-1419
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420). JT2Go and Teamcenter Visualization Is vulnerable to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-13420 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-862" }, { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "NVD", "id": "CVE-2021-34324" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34324" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-862" } ], "trust": 0.7 }, "cve": "CVE-2021-34324", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34324", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34324", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34324", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34324", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34324", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-920", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34324", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-862" }, { "db": "VULMON", "id": "CVE-2021-34324" }, { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "NVD", "id": "CVE-2021-34324" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-920" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420). JT2Go and Teamcenter Visualization Is vulnerable to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-13420 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34324" }, { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "ZDI", "id": "ZDI-21-862" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34324" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34324", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-862", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009281", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13420", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-920", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34324", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-862" }, { "db": "VULMON", "id": "CVE-2021-34324" }, { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "NVD", "id": "CVE-2021-34324" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-920" } ] }, "id": "VAR-202107-1419", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:12:13.840000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156613" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-862" }, { "db": "VULMON", "id": "CVE-2021-34324" }, { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "CNNVD", "id": "CNNVD-202107-920" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "NVD", "id": "CVE-2021-34324" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-862/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34324" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-862" }, { "db": "VULMON", "id": "CVE-2021-34324" }, { "db": "JVNDB", "id": "JVNDB-2021-009281" }, { "db": "NVD", "id": "CVE-2021-34324" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-920" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-862", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34324", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009281", "ident": null }, { "db": "NVD", "id": "CVE-2021-34324", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-920", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-862", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34324", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009281", "ident": null }, { "date": "2021-07-13T11:15:12.773000", "db": "NVD", "id": "CVE-2021-34324", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-920", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-862", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34324", "ident": null }, { "date": "2022-04-19T09:37:00", "db": "JVNDB", "id": "JVNDB-2021-009281", "ident": null }, { "date": "2021-07-27T15:02:43.143000", "db": "NVD", "id": "CVE-2021-34324", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-920", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-920" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerabilities in the use of freed memory", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009281" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202108-1313
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1313", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.1" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "NVD", "id": "CVE-2021-33717" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-33717" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kai Wang from Codesafe Team of Legendsec at Qi\u2019anxin Group, and Open Design Alliance reported these vulnerabilities to CISA.,Mat Powell and Brian Gorenc of Trend Micro\u2019s Zero Day Initiative", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-968" } ], "trust": 0.6 }, "cve": "CVE-2021-33717", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-33717", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-33717", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-33717", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202108-968", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-33717", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-33717" }, { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "NVD", "id": "CVE-2021-33717" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.1), Teamcenter Visualization (All versions \u003c V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-33717" }, { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-33717" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-33717", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU99791395", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-010199", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-968", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-33717", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-33717" }, { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "NVD", "id": "CVE-2021-33717" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "id": "VAR-202108-1313", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:52:36.043000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-365397", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "JT2Go and Teamcenter Visualization Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159361" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-33717" }, { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "NVD", "id": "CVE-2021-33717" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99791395/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33717" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-33717" }, { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "NVD", "id": "CVE-2021-33717" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-33717" }, { "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "db": "NVD", "id": "CVE-2021-33717" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-10T00:00:00", "db": "VULMON", "id": "CVE-2021-33717" }, { "date": "2022-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "date": "2021-08-10T11:15:09.040000", "db": "NVD", "id": "CVE-2021-33717" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-18T00:00:00", "db": "VULMON", "id": "CVE-2021-33717" }, { "date": "2022-06-24T02:36:00", "db": "JVNDB", "id": "JVNDB-2021-010199" }, { "date": "2021-08-18T13:46:06.787000", "db": "NVD", "id": "CVE-2021-33717" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-968" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-968" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010199" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202107-1384
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13194 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-846" }, { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "NVD", "id": "CVE-2021-34300" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34300" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-846" } ], "trust": 0.7 }, "cve": "CVE-2021-34300", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34300", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34300", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34300", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34300", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34300", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-875", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34300", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-846" }, { "db": "VULMON", "id": "CVE-2021-34300" }, { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "NVD", "id": "CVE-2021-34300" }, { "db": "CNNVD", "id": "CNNVD-202107-875" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13194 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34300" }, { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "ZDI", "id": "ZDI-21-846" }, { "db": "VULMON", "id": "CVE-2021-34300" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34300", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-846", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009338", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13194", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-875", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34300", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-846" }, { "db": "VULMON", "id": "CVE-2021-34300" }, { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "NVD", "id": "CVE-2021-34300" }, { "db": "CNNVD", "id": "CNNVD-202107-875" } ] }, "id": "VAR-202107-1384", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:53:38.435000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156568" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-846" }, { "db": "VULMON", "id": "CVE-2021-34300" }, { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "CNNVD", "id": "CNNVD-202107-875" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "NVD", "id": "CVE-2021-34300" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-846/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34300" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-846" }, { "db": "VULMON", "id": "CVE-2021-34300" }, { "db": "JVNDB", "id": "JVNDB-2021-009338" }, { "db": "NVD", "id": "CVE-2021-34300" }, { "db": "CNNVD", "id": "CNNVD-202107-875" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-846", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34300", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009338", "ident": null }, { "db": "NVD", "id": "CVE-2021-34300", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-875", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-846", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34300", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009338", "ident": null }, { "date": "2021-07-13T11:15:10.903000", "db": "NVD", "id": "CVE-2021-34300", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-875", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-846", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34300", "ident": null }, { "date": "2022-04-20T09:02:00", "db": "JVNDB", "id": "JVNDB-2021-009338", "ident": null }, { "date": "2021-07-27T15:26:01.230000", "db": "NVD", "id": "CVE-2021-34300", "ident": null }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-875", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-875" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009338" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-875" } ], "trust": 0.6 } }
var-202107-1422
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423). Zero Day Initiative To this vulnerability ZDI-CAN-13423 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "solid edge", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-865" }, { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "NVD", "id": "CVE-2021-34327" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "se2021", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34327" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-865" } ], "trust": 0.7 }, "cve": "CVE-2021-34327", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34327", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34327", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34327", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34327", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34327", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-924", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34327", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-865" }, { "db": "VULMON", "id": "CVE-2021-34327" }, { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "NVD", "id": "CVE-2021-34327" }, { "db": "CNNVD", "id": "CNNVD-202107-924" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Solid Edge SE2021 (All Versions \u003c SE2021MP5), Teamcenter Visualization (All versions \u003c V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423). Zero Day Initiative To this vulnerability ZDI-CAN-13423 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34327" }, { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "ZDI", "id": "ZDI-21-865" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34327" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34327", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-865", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-173615", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009278", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13423", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.2403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-924", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34327", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-865" }, { "db": "VULMON", "id": "CVE-2021-34327" }, { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "NVD", "id": "CVE-2021-34327" }, { "db": "CNNVD", "id": "CNNVD-202107-924" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1422", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:19:44.083000Z", "patch": { "_id": null, "data": [ { "title": "SSA-173615 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156617" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e172da356a059f9e1b4ef7215ce64ef1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34327 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-865" }, { "db": "VULMON", "id": "CVE-2021-34327" }, { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "CNNVD", "id": "CNNVD-202107-924" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "NVD", "id": "CVE-2021-34327" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-865/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34327" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2403" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34327" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-865" }, { "db": "VULMON", "id": "CVE-2021-34327" }, { "db": "JVNDB", "id": "JVNDB-2021-009278" }, { "db": "NVD", "id": "CVE-2021-34327" }, { "db": "CNNVD", "id": "CNNVD-202107-924" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-865", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34327", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009278", "ident": null }, { "db": "NVD", "id": "CVE-2021-34327", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-924", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-865", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34327", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009278", "ident": null }, { "date": "2021-07-13T11:15:13.007000", "db": "NVD", "id": "CVE-2021-34327", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-924", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-865", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34327", "ident": null }, { "date": "2022-04-19T09:31:00", "db": "JVNDB", "id": "JVNDB-2021-009278", "ident": null }, { "date": "2022-10-07T20:47:29.323000", "db": "NVD", "id": "CVE-2021-34327", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-924", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-924" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009278" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-924" } ], "trust": 0.6 } }
var-202111-0809
Vulnerability from variot
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0809", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "drawing sdk", "scope": null, "trust": 2.8, "vendor": "open design alliance oda", "version": null }, { "model": "solid edge viewer", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.11" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.1" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "12.4.0.13" }, { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2022" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "12.4.0" }, { "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.11" }, { "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "NVD", "id": "CVE-2021-43336" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2022.11", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:13.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.1", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.4.0.13", "versionStartIncluding": "12.4.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-43336" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell \u0026 Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-212" } ], "trust": 2.8 }, "cve": "CVE-2021-43336", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-43336", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-43336", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.9, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-43336", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-43336", "trust": 4.9, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-43336", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-1217", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-43336", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "VULMON", "id": "CVE-2021-43336" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "NVD", "id": "CVE-2021-43336" }, { "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object", "sources": [ { "db": "NVD", "id": "CVE-2021-43336" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "VULMON", "id": "CVE-2021-43336" } ], "trust": 6.12 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-43336", "trust": 8.2 }, { "db": "ZDI", "id": "ZDI-22-334", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-301589", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-491245", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-22-041-07", "trust": 1.5 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-007492", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15107", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19144", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-127", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19143", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-126", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19142", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-125", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19080", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-210", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19075", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-209", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19165", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-212", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2023.0960", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021108", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-1217", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-43336", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "VULMON", "id": "CVE-2021-43336" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "NVD", "id": "CVE-2021-43336" }, { "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "id": "VAR-202111-0809", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:50:00.081000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit", "trust": 3.6, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=170359" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=fefc850707fc7ccce29d30c42162ee31" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-43336 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "VULMON", "id": "CVE-2021-43336" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "NVD", "id": "CVE-2021-43336" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.5, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-334/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" }, { "trust": 1.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43336" }, { "trust": 0.9, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-041-07" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0960" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-0" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-43336" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "VULMON", "id": "CVE-2021-43336" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "NVD", "id": "CVE-2021-43336" }, { "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-334" }, { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" }, { "db": "ZDI", "id": "ZDI-23-125" }, { "db": "ZDI", "id": "ZDI-23-210" }, { "db": "ZDI", "id": "ZDI-23-209" }, { "db": "ZDI", "id": "ZDI-23-212" }, { "db": "VULMON", "id": "CVE-2021-43336" }, { "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "db": "NVD", "id": "CVE-2021-43336" }, { "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-334" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-127" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-126" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-125" }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-210" }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-209" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-212" }, { "date": "2021-11-14T00:00:00", "db": "VULMON", "id": "CVE-2021-43336" }, { "date": "2022-02-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "date": "2021-11-14T21:15:08.263000", "db": "NVD", "id": "CVE-2021-43336" }, { "date": "2021-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-334" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-127" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-126" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-125" }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-210" }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-209" }, { "date": "2023-03-06T00:00:00", "db": "ZDI", "id": "ZDI-23-212" }, { "date": "2023-02-24T00:00:00", "db": "VULMON", "id": "CVE-2021-43336" }, { "date": "2023-02-17T02:09:00", "db": "JVNDB", "id": "JVNDB-2021-007492" }, { "date": "2023-02-24T15:53:38.813000", "db": "NVD", "id": "CVE-2021-43336" }, { "date": "2023-02-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-1217" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-1217" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Open Design Alliance (ODA) Drawing SDK DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-127" }, { "db": "ZDI", "id": "ZDI-23-126" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-1217" } ], "trust": 0.6 } }
var-202101-1898
Vulnerability from variot
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Open Design Alliance Drawings SDK Exists in a vulnerability related to illegal type conversion.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 4.2, "vendor": "siemens", "version": null }, { "_id": null, "model": "drawings software development kit", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2021.11" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "drawings sdk", "scope": null, "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-224" }, { "db": "ZDI", "id": "ZDI-21-223" }, { "db": "ZDI", "id": "ZDI-21-218" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "NVD", "id": "CVE-2021-25175" } ] }, "credits": { "_id": null, "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-218" } ], "trust": 2.8 }, "cve": "CVE-2021-25175", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-25175", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-383904", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25175", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.2, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-25175", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25175", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-25175", "trust": 4.2, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-25175", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25175", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202101-1317", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-383904", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-25175", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-224" }, { "db": "ZDI", "id": "ZDI-21-223" }, { "db": "ZDI", "id": "ZDI-21-218" }, { "db": "VULHUB", "id": "VHN-383904" }, { "db": "VULMON", "id": "CVE-2021-25175" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "CNNVD", "id": "CNNVD-202101-1317" }, { "db": "NVD", "id": "CVE-2021-25175" } ] }, "description": { "_id": null, "data": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Open Design Alliance Drawings SDK Exists in a vulnerability related to illegal type conversion.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages", "sources": [ { "db": "NVD", "id": "CVE-2021-25175" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-224" }, { "db": "ZDI", "id": "ZDI-21-223" }, { "db": "ZDI", "id": "ZDI-21-218" }, { "db": "VULHUB", "id": "VHN-383904" }, { "db": "VULMON", "id": "CVE-2021-25175" } ], "trust": 5.58 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-25175", "trust": 6.8 }, { "db": "ZDI", "id": "ZDI-21-246", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-245", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-244", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-224", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-223", "trust": 3.3 }, { "db": "ZDI", "id": "ZDI-21-218", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-21-047-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU92291213", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002746", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11911", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11910", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11914", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11988", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11993", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11912", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202101-1317", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0577", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-383904", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-25175", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-224" }, { "db": "ZDI", "id": "ZDI-21-223" }, { "db": "ZDI", "id": "ZDI-21-218" }, { "db": "VULHUB", "id": "VHN-383904" }, { "db": "VULMON", "id": "CVE-2021-25175" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "CNNVD", "id": "CNNVD-202101-1317" }, { "db": "NVD", "id": "CVE-2021-25175" } ] }, "id": "VAR-202101-1898", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-383904" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:27:40.022000Z", "patch": { "_id": null, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 4.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "Vulnerabilities\u00a0in\u00a0the\u00a0ODA\u00a0Drawings\u00a0Software\u00a0Development\u00a0Kit Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139576" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1c3bdb36e22f42f5b9339f0ff806382c" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-224" }, { "db": "ZDI", "id": "ZDI-21-223" }, { "db": "ZDI", "id": "ZDI-21-218" }, { "db": "VULMON", "id": "CVE-2021-25175" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "CNNVD", "id": "CNNVD-202101-1317" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-704", "trust": 1.1 }, { "problemtype": "Illegal type conversion or cast (CWE-704) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-383904" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "NVD", "id": "CVE-2021-25175" } ] }, "references": { "_id": null, "data": [ { "trust": 4.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 2.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-223/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-218/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-224/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-244/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-245/" }, { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-246/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.8, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25175" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-047-01" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu92291213/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0577" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/704.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" }, { "db": "ZDI", "id": "ZDI-21-224" }, { "db": "ZDI", "id": "ZDI-21-223" }, { "db": "ZDI", "id": "ZDI-21-218" }, { "db": "VULHUB", "id": "VHN-383904" }, { "db": "VULMON", "id": "CVE-2021-25175" }, { "db": "JVNDB", "id": "JVNDB-2021-002746" }, { "db": "CNNVD", "id": "CNNVD-202101-1317" }, { "db": "NVD", "id": "CVE-2021-25175" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-246", "ident": null }, { "db": "ZDI", "id": "ZDI-21-245", "ident": null }, { "db": "ZDI", "id": "ZDI-21-244", "ident": null }, { "db": "ZDI", "id": "ZDI-21-224", "ident": null }, { "db": "ZDI", "id": "ZDI-21-223", "ident": null }, { "db": "ZDI", "id": "ZDI-21-218", "ident": null }, { "db": "VULHUB", "id": "VHN-383904", "ident": null }, { "db": "VULMON", "id": "CVE-2021-25175", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002746", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-1317", "ident": null }, { "db": "NVD", "id": "CVE-2021-25175", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-246", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-245", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-244", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-224", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-223", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-218", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULHUB", "id": "VHN-383904", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "VULMON", "id": "CVE-2021-25175", "ident": null }, { "date": "2021-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002746", "ident": null }, { "date": "2021-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1317", "ident": null }, { "date": "2021-01-18T08:15:13.180000", "db": "NVD", "id": "CVE-2021-25175", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-246", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-245", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-244", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-224", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-223", "ident": null }, { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-218", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULHUB", "id": "VHN-383904", "ident": null }, { "date": "2022-04-08T00:00:00", "db": "VULMON", "id": "CVE-2021-25175", "ident": null }, { "date": "2021-09-29T08:26:00", "db": "JVNDB", "id": "JVNDB-2021-002746", "ident": null }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1317", "ident": null }, { "date": "2024-11-21T05:54:30.173000", "db": "NVD", "id": "CVE-2021-25175", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1317" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-246" }, { "db": "ZDI", "id": "ZDI-21-245" }, { "db": "ZDI", "id": "ZDI-21-244" } ], "trust": 2.1 }, "type": { "_id": null, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1317" } ], "trust": 0.6 } }
var-202107-1408
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13354 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-842" }, { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "NVD", "id": "CVE-2021-34313" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34313" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-842" } ], "trust": 0.7 }, "cve": "CVE-2021-34313", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34313", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34313", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34313", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34313", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34313", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-891", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34313", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-842" }, { "db": "VULMON", "id": "CVE-2021-34313" }, { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "NVD", "id": "CVE-2021-34313" }, { "db": "CNNVD", "id": "CNNVD-202107-891" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13354 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34313" }, { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "ZDI", "id": "ZDI-21-842" }, { "db": "VULMON", "id": "CVE-2021-34313" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34313", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-842", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009323", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13354", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-891", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34313", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-842" }, { "db": "VULMON", "id": "CVE-2021-34313" }, { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "NVD", "id": "CVE-2021-34313" }, { "db": "CNNVD", "id": "CNNVD-202107-891" } ] }, "id": "VAR-202107-1408", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:29:43.797000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156584" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34313 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-842" }, { "db": "VULMON", "id": "CVE-2021-34313" }, { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "CNNVD", "id": "CNNVD-202107-891" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "NVD", "id": "CVE-2021-34313" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-842/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34313" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34313" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-842" }, { "db": "VULMON", "id": "CVE-2021-34313" }, { "db": "JVNDB", "id": "JVNDB-2021-009323" }, { "db": "NVD", "id": "CVE-2021-34313" }, { "db": "CNNVD", "id": "CNNVD-202107-891" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-842", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34313", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009323", "ident": null }, { "db": "NVD", "id": "CVE-2021-34313", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-891", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-842", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34313", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009323", "ident": null }, { "date": "2021-07-13T11:15:11.903000", "db": "NVD", "id": "CVE-2021-34313", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-891", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-842", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34313", "ident": null }, { "date": "2022-04-20T08:23:00", "db": "JVNDB", "id": "JVNDB-2021-009323", "ident": null }, { "date": "2022-10-07T20:47:45.083000", "db": "NVD", "id": "CVE-2021-34313", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-891", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-891" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009323" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-891" } ], "trust": 0.6 } }
var-202107-1425
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13430 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-868" }, { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "NVD", "id": "CVE-2021-34330" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34330" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-868" } ], "trust": 0.7 }, "cve": "CVE-2021-34330", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34330", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34330", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34330", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34330", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34330", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-928", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34330", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-868" }, { "db": "VULMON", "id": "CVE-2021-34330" }, { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "NVD", "id": "CVE-2021-34330" }, { "db": "CNNVD", "id": "CNNVD-202107-928" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13430 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34330" }, { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "ZDI", "id": "ZDI-21-868" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34330" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34330", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-868", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009275", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13430", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-928", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34330", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-868" }, { "db": "VULMON", "id": "CVE-2021-34330" }, { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "NVD", "id": "CVE-2021-34330" }, { "db": "CNNVD", "id": "CNNVD-202107-928" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1425", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:07:22.785000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156621" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-868" }, { "db": "VULMON", "id": "CVE-2021-34330" }, { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "CNNVD", "id": "CNNVD-202107-928" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "NVD", "id": "CVE-2021-34330" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-868/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34330" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-868" }, { "db": "VULMON", "id": "CVE-2021-34330" }, { "db": "JVNDB", "id": "JVNDB-2021-009275" }, { "db": "NVD", "id": "CVE-2021-34330" }, { "db": "CNNVD", "id": "CNNVD-202107-928" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-868", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34330", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009275", "ident": null }, { "db": "NVD", "id": "CVE-2021-34330", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-928", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-868", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34330", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009275", "ident": null }, { "date": "2021-07-13T11:15:13.253000", "db": "NVD", "id": "CVE-2021-34330", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-928", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-868", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34330", "ident": null }, { "date": "2022-04-19T09:20:00", "db": "JVNDB", "id": "JVNDB-2021-009275", "ident": null }, { "date": "2021-09-20T12:31:28.203000", "db": "NVD", "id": "CVE-2021-34330", "ident": null }, { "date": "2021-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-928", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-928" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009275" } ], "trust": 0.8 }, "type": { "_id": null, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-928" } ], "trust": 0.6 } }
var-202107-1400
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13340 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "NVD", "id": "CVE-2021-34305" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34305" } ] }, "credits": { "_id": null, "data": "Brian Gorenc of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "CNNVD", "id": "CNNVD-202107-880" } ], "trust": 2.0 }, "cve": "CVE-2021-34305", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34305", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34305", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34305", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34305", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34305", "trust": 1.4, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-880", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34305", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "VULMON", "id": "CVE-2021-34305" }, { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "NVD", "id": "CVE-2021-34305" }, { "db": "CNNVD", "id": "CNNVD-202107-880" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13340 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34305" }, { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "VULMON", "id": "CVE-2021-34305" } ], "trust": 2.97 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34305", "trust": 4.7 }, { "db": "ZDI", "id": "ZDI-21-833", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-21-834", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009333", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13341", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13340", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-880", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34305", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "VULMON", "id": "CVE-2021-34305" }, { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "NVD", "id": "CVE-2021-34305" }, { "db": "CNNVD", "id": "CNNVD-202107-880" } ] }, "id": "VAR-202107-1400", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:03:48.904000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156573" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "VULMON", "id": "CVE-2021-34305" }, { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "CNNVD", "id": "CNNVD-202107-880" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "NVD", "id": "CVE-2021-34305" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-833/" }, { "trust": 2.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-834/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34305" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" }, { "db": "VULMON", "id": "CVE-2021-34305" }, { "db": "JVNDB", "id": "JVNDB-2021-009333" }, { "db": "NVD", "id": "CVE-2021-34305" }, { "db": "CNNVD", "id": "CNNVD-202107-880" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-834", "ident": null }, { "db": "ZDI", "id": "ZDI-21-833", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34305", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009333", "ident": null }, { "db": "NVD", "id": "CVE-2021-34305", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-880", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-834", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-833", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34305", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009333", "ident": null }, { "date": "2021-07-13T11:15:11.283000", "db": "NVD", "id": "CVE-2021-34305", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-880", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-834", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-833", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34305", "ident": null }, { "date": "2022-04-20T08:58:00", "db": "JVNDB", "id": "JVNDB-2021-009333", "ident": null }, { "date": "2021-07-27T16:27:39.957000", "db": "NVD", "id": "CVE-2021-34305", "ident": null }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-880", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-880" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Siemens JT2Go GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-834" }, { "db": "ZDI", "id": "ZDI-21-833" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-880" } ], "trust": 0.6 } }
var-202106-1194
Vulnerability from variot
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "drawing sdk", "scope": null, "trust": 1.4, "vendor": "open design alliance oda", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "drawings sdk", "scope": "lt", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.1" }, { "_id": null, "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "_id": null, "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "solid edge viewer", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-128" }, { "db": "ZDI", "id": "ZDI-23-121" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32948" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "CNNVD", "id": "CNNVD-202106-684" } ], "trust": 2.0 }, "cve": "CVE-2021-32948", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32948", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392934", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32948", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32948", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32948", "trust": 2.8, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-32948", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-684", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392934", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32948", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-128" }, { "db": "ZDI", "id": "ZDI-23-121" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "VULHUB", "id": "VHN-392934" }, { "db": "VULMON", "id": "CVE-2021-32948" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-684" }, { "db": "NVD", "id": "CVE-2021-32948" } ] }, "description": { "_id": null, "data": "An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-32948" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-128" }, { "db": "ZDI", "id": "ZDI-23-121" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392934" }, { "db": "VULMON", "id": "CVE-2021-32948" } ], "trust": 4.86 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-32948", "trust": 6.2 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-984", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-491245", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-365397", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13410", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19145", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-128", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19135", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-121", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19074", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-208", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0960", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060909", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-01", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-684", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392934", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32948", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-128" }, { "db": "ZDI", "id": "ZDI-23-121" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "VULHUB", "id": "VHN-392934" }, { "db": "VULMON", "id": "CVE-2021-32948" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-684" }, { "db": "NVD", "id": "CVE-2021-32948" } ] }, "id": "VAR-202106-1194", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392934" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:13:19.099000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=MovingToNewVersion.html" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=154861" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-128" }, { "db": "ZDI", "id": "ZDI-23-121" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "VULMON", "id": "CVE-2021-32948" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-684" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392934" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32948" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.5, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-984/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" }, { "trust": 1.4, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0960" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2700" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-155599.txt" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-984" }, { "db": "ZDI", "id": "ZDI-23-128" }, { "db": "ZDI", "id": "ZDI-23-121" }, { "db": "ZDI", "id": "ZDI-23-208" }, { "db": "VULHUB", "id": "VHN-392934" }, { "db": "VULMON", "id": "CVE-2021-32948" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-684" }, { "db": "NVD", "id": "CVE-2021-32948" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-984", "ident": null }, { "db": "ZDI", "id": "ZDI-23-128", "ident": null }, { "db": "ZDI", "id": "ZDI-23-121", "ident": null }, { "db": "ZDI", "id": "ZDI-23-208", "ident": null }, { "db": "VULHUB", "id": "VHN-392934", "ident": null }, { "db": "VULMON", "id": "CVE-2021-32948", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202106-684", "ident": null }, { "db": "NVD", "id": "CVE-2021-32948", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-984", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-128", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-121", "ident": null }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-208", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392934", "ident": null }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32948", "ident": null }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-684", "ident": null }, { "date": "2021-06-17T13:15:08.167000", "db": "NVD", "id": "CVE-2021-32948", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-984", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-128", "ident": null }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-121", "ident": null }, { "date": "2023-03-01T00:00:00", "db": "ZDI", "id": "ZDI-23-208", "ident": null }, { "date": "2023-02-14T00:00:00", "db": "VULHUB", "id": "VHN-392934", "ident": null }, { "date": "2023-02-14T00:00:00", "db": "VULMON", "id": "CVE-2021-32948", "ident": null }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2023-02-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-684", "ident": null }, { "date": "2023-02-14T12:15:11.183000", "db": "NVD", "id": "CVE-2021-32948", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-684" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202308-0231
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0231", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.10" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "NVD", "id": "CVE-2023-38682" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.10", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38682" } ] }, "cve": "CVE-2023-38682", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-38682", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-38682", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-38682", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "NVD", "id": "CVE-2023-38682" }, { "db": "NVD", "id": "CVE-2023-38682" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.14), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.10), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-38682" }, { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "VULMON", "id": "CVE-2023-38682" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38682", "trust": 2.7 }, { "db": "SIEMENS", "id": "SSA-131450", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU90056839", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-222-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021428", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-38682", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-38682" }, { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "NVD", "id": "CVE-2023-38682" } ] }, "id": "VAR-202308-0231", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-01-20T20:35:34.613000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "NVD", "id": "CVE-2023-38682" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90056839/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38682" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-01" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-38682" }, { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "NVD", "id": "CVE-2023-38682" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-38682" }, { "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "db": "NVD", "id": "CVE-2023-38682" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2023-38682" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "date": "2023-08-08T10:15:16.887000", "db": "NVD", "id": "CVE-2023-38682" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2023-38682" }, { "date": "2024-01-19T05:42:00", "db": "JVNDB", "id": "JVNDB-2023-021428" }, { "date": "2023-08-14T18:53:21.687000", "db": "NVD", "id": "CVE-2023-38682" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021428" } ], "trust": 0.8 } }
var-202205-0952
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0952", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.1" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29028" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.1", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.3", "versionStartIncluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29028" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3138" } ], "trust": 0.6 }, "cve": "CVE-2022-29028", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29028", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202205-3138", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29028" }, { "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.3.0.3), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.3), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization", "sources": [ { "db": "NVD", "id": "CVE-2022-29028" }, { "db": "VULMON", "id": "CVE-2022-29028" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29028", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-553086", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-132-09", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2350", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-3138", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29028", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29028" }, { "db": "NVD", "id": "CVE-2022-29028" }, { "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "id": "VAR-202205-0952", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:56:05.528000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2GO and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194238" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29028" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2350" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051211" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29028/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29028" }, { "db": "NVD", "id": "CVE-2022-29028" }, { "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29028" }, { "db": "NVD", "id": "CVE-2022-29028" }, { "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T13:15:15.550000", "db": "NVD", "id": "CVE-2022-29028" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-26T16:19:56.143000", "db": "NVD", "id": "CVE-2022-29028" }, { "date": "2022-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-3138" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3138" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens JT2GO and Siemens Teamcenter Visualization Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3138" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-3138" } ], "trust": 0.6 } }
var-202212-1172
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization Is vulnerable to division by zero.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1172", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "db": "NVD", "id": "CVE-2022-41287" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41287" } ] }, "cve": "CVE-2022-41287", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-023182", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41287", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-41287", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-023182", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-202212-3102", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "db": "CNNVD", "id": "CNNVD-202212-3102" }, { "db": "NVD", "id": "CVE-2022-41287" }, { "db": "NVD", "id": "CVE-2022-41287" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization Is vulnerable to division by zero.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41287" }, { "db": "JVNDB", "id": "JVNDB-2022-023182" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41287", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023182", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3102", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "db": "CNNVD", "id": "CNNVD-202212-3102" }, { "db": "NVD", "id": "CVE-2022-41287" } ] }, "id": "VAR-202212-1172", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-02T20:09:59.020000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Fixes for digital error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228953" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3102" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-369", "trust": 1.0 }, { "problemtype": "Division by zero (CWE-369) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "db": "NVD", "id": "CVE-2022-41287" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41287" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41287/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "db": "CNNVD", "id": "CNNVD-202212-3102" }, { "db": "NVD", "id": "CVE-2022-41287" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "db": "CNNVD", "id": "CNNVD-202212-3102" }, { "db": "NVD", "id": "CVE-2022-41287" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3102" }, { "date": "2022-12-13T16:15:23.060000", "db": "NVD", "id": "CVE-2022-41287" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:16:00", "db": "JVNDB", "id": "JVNDB-2022-023182" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3102" }, { "date": "2024-02-01T16:05:14.573000", "db": "NVD", "id": "CVE-2022-41287" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3102" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Division by zero vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023182" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3102" } ], "trust": 0.6 } }
var-202102-0326
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12178 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TGA files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-231" }, { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "NVD", "id": "CVE-2020-27005" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27005" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-231" } ], "trust": 0.7 }, "cve": "CVE-2020-27005", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27005", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27005", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-27005", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27005", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-27005", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-862", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-231" }, { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "NVD", "id": "CVE-2020-27005" }, { "db": "CNNVD", "id": "CNNVD-202102-862" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12178 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TGA files", "sources": [ { "db": "NVD", "id": "CVE-2020-27005" }, { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "ZDI", "id": "ZDI-21-231" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27005", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-231", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015917", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12178", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-862", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-231" }, { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "NVD", "id": "CVE-2020-27005" }, { "db": "CNNVD", "id": "CNNVD-202102-862" } ] }, "id": "VAR-202102-0326", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:08:31.743000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141284" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-231" }, { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "CNNVD", "id": "CNNVD-202102-862" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "NVD", "id": "CVE-2020-27005" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-231/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27005" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-231" }, { "db": "JVNDB", "id": "JVNDB-2020-015917" }, { "db": "NVD", "id": "CVE-2020-27005" }, { "db": "CNNVD", "id": "CNNVD-202102-862" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-231", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015917", "ident": null }, { "db": "NVD", "id": "CVE-2020-27005", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-862", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-231", "ident": null }, { "date": "2021-10-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015917", "ident": null }, { "date": "2021-02-09T17:15:14.280000", "db": "NVD", "id": "CVE-2020-27005", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-862", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-231", "ident": null }, { "date": "2021-10-22T08:30:00", "db": "JVNDB", "id": "JVNDB-2020-015917", "ident": null }, { "date": "2021-03-05T18:43:51.580000", "db": "NVD", "id": "CVE-2020-27005", "ident": null }, { "date": "2021-03-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-862", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-862" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015917" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-862" } ], "trust": 0.6 } }
var-202107-1412
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13402 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCX files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-853" }, { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "NVD", "id": "CVE-2021-34317" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34317" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-853" } ], "trust": 0.7 }, "cve": "CVE-2021-34317", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34317", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34317", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34317", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34317", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34317", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-895", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34317", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-853" }, { "db": "VULMON", "id": "CVE-2021-34317" }, { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "NVD", "id": "CVE-2021-34317" }, { "db": "CNNVD", "id": "CNNVD-202107-895" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13402 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCX files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34317" }, { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "ZDI", "id": "ZDI-21-853" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34317" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34317", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-853", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009319", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13402", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-895", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34317", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-853" }, { "db": "VULMON", "id": "CVE-2021-34317" }, { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "NVD", "id": "CVE-2021-34317" }, { "db": "CNNVD", "id": "CNNVD-202107-895" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1412", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:43:00.050000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156588" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34317 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-853" }, { "db": "VULMON", "id": "CVE-2021-34317" }, { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "CNNVD", "id": "CNNVD-202107-895" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "NVD", "id": "CVE-2021-34317" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-853/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34317" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34317" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-853" }, { "db": "VULMON", "id": "CVE-2021-34317" }, { "db": "JVNDB", "id": "JVNDB-2021-009319" }, { "db": "NVD", "id": "CVE-2021-34317" }, { "db": "CNNVD", "id": "CNNVD-202107-895" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-853", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34317", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009319", "ident": null }, { "db": "NVD", "id": "CVE-2021-34317", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-895", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-853", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34317", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009319", "ident": null }, { "date": "2021-07-13T11:15:12.217000", "db": "NVD", "id": "CVE-2021-34317", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-895", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-853", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34317", "ident": null }, { "date": "2022-04-20T08:14:00", "db": "JVNDB", "id": "JVNDB-2021-009319", "ident": null }, { "date": "2022-10-07T20:47:42.550000", "db": "NVD", "id": "CVE-2021-34317", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-895", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-895" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009319" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-895" } ], "trust": 0.6 } }
var-202102-0379
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12283 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RAS files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "v13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-236" }, { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "NVD", "id": "CVE-2020-28394" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-28394" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-236" } ], "trust": 0.7 }, "cve": "CVE-2020-28394", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-28394", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-28394", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2020-28394", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-28394", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2020-28394", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202102-863", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-236" }, { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "NVD", "id": "CVE-2020-28394" }, { "db": "CNNVD", "id": "CNNVD-202102-863" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12283 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RAS files", "sources": [ { "db": "NVD", "id": "CVE-2020-28394" }, { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "ZDI", "id": "ZDI-21-236" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-28394", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-236", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015888", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12283", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-863", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-236" }, { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "NVD", "id": "CVE-2020-28394" }, { "db": "CNNVD", "id": "CNNVD-202102-863" } ] }, "id": "VAR-202102-0379", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:52:25.651000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141285" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-236" }, { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "CNNVD", "id": "CNNVD-202102-863" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "NVD", "id": "CVE-2020-28394" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-236/" }, { "trust": 2.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28394" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-236" }, { "db": "JVNDB", "id": "JVNDB-2020-015888" }, { "db": "NVD", "id": "CVE-2020-28394" }, { "db": "CNNVD", "id": "CNNVD-202102-863" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-236", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015888", "ident": null }, { "db": "NVD", "id": "CVE-2020-28394", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-863", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-236", "ident": null }, { "date": "2021-10-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015888", "ident": null }, { "date": "2021-02-09T18:15:43.073000", "db": "NVD", "id": "CVE-2020-28394", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-863", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-236", "ident": null }, { "date": "2021-10-20T09:06:00", "db": "JVNDB", "id": "JVNDB-2020-015888", "ident": null }, { "date": "2021-03-05T18:24:35.117000", "db": "NVD", "id": "CVE-2020-28394", "ident": null }, { "date": "2021-03-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-863", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-863" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015888" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-863" } ], "trust": 0.6 } }
var-202306-0900
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0900", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.10" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.3" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.13" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.8" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "NVD", "id": "CVE-2023-33122" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.13", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.10", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.8", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-33122" } ] }, "cve": "CVE-2023-33122", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-33122", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-33122", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-33122", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202306-876", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "NVD", "id": "CVE-2023-33122" }, { "db": "NVD", "id": "CVE-2023-33122" }, { "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2023-33122" }, { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "VULMON", "id": "CVE-2023-33122" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-33122", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-538795", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-23-166-14", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99464755", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-008589", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202306-876", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-33122", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33122" }, { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "NVD", "id": "CVE-2023-33122" }, { "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "id": "VAR-202306-0900", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:18:43.852000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242502" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "NVD", "id": "CVE-2023-33122" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99464755/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-33122" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-14" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-33122/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-33122" }, { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "NVD", "id": "CVE-2023-33122" }, { "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-33122" }, { "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "db": "NVD", "id": "CVE-2023-33122" }, { "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33122" }, { "date": "2023-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "date": "2023-06-13T09:15:18.380000", "db": "NVD", "id": "CVE-2023-33122" }, { "date": "2023-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-33122" }, { "date": "2023-12-01T08:15:00", "db": "JVNDB", "id": "JVNDB-2023-008589" }, { "date": "2023-06-22T00:05:51.170000", "db": "NVD", "id": "CVE-2023-33122" }, { "date": "2023-06-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-876" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-876" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008589" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-876" } ], "trust": 0.6 } }
var-202101-0353
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0353", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "NVD", "id": "CVE-2020-26992" } ] }, "cve": "CVE-2020-26992", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26992", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02579", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26992", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26992", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26992", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26992", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-02579", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-843", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "CNNVD", "id": "CNNVD-202101-843" }, { "db": "NVD", "id": "CVE-2020-26992" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26992" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "CNVD", "id": "CNVD-2021-02579" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-26992", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015256", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-02579", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-843", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "CNNVD", "id": "CNNVD-202101-843" }, { "db": "NVD", "id": "CVE-2020-26992" } ] }, "id": "VAR-202101-0353", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" } ] }, "last_update_date": "2024-11-23T20:49:07.528000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-622830", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Patch for JT2Go and Teamcenter Visualization stack buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243973" }, { "title": "Siemens JTGo Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139355" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "CNNVD", "id": "CNNVD-202101-843" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "NVD", "id": "CVE-2020-26992" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26992" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02579" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "CNNVD", "id": "CNNVD-202101-843" }, { "db": "NVD", "id": "CVE-2020-26992" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-02579" }, { "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "db": "CNNVD", "id": "CNNVD-202101-843" }, { "db": "NVD", "id": "CVE-2020-26992" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02579" }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-843" }, { "date": "2021-01-12T21:15:17.387000", "db": "NVD", "id": "CVE-2020-26992" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02579" }, { "date": "2021-09-15T08:31:00", "db": "JVNDB", "id": "JVNDB-2020-015256" }, { "date": "2021-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-843" }, { "date": "2024-11-21T05:20:38.580000", "db": "NVD", "id": "CVE-2020-26992" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-843" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015256" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-843" } ], "trust": 0.6 } }
var-202401-0192
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0192", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.9" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.13" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "db": "NVD", "id": "CVE-2023-51744" } ] }, "cve": "CVE-2023-51744", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-51744", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-51744", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-51744", "trust": 1.0, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "db": "NVD", "id": "CVE-2023-51744" }, { "db": "NVD", "id": "CVE-2023-51744" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens\u0027 JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-51744" }, { "db": "JVNDB", "id": "JVNDB-2023-024621" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-51744", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-794653", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-24-011-06", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92179258", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-024621", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "db": "NVD", "id": "CVE-2023-51744" } ] }, "id": "VAR-202401-0192", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-02T22:35:07.392000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "NULL Pointer dereference (CWE-476) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "db": "NVD", "id": "CVE-2023-51744" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92179258/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51744" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-06" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "db": "NVD", "id": "CVE-2023-51744" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "db": "NVD", "id": "CVE-2023-51744" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "date": "2024-01-09T10:15:21.657000", "db": "NVD", "id": "CVE-2023-51744" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T02:55:00", "db": "JVNDB", "id": "JVNDB-2023-024621" }, { "date": "2024-01-11T20:39:08.490000", "db": "NVD", "id": "CVE-2023-51744" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024621" } ], "trust": 0.8 } }
var-202212-1173
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1173", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "db": "NVD", "id": "CVE-2022-41281" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41281" } ] }, "cve": "CVE-2022-41281", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023190", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41281", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41281", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023190", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3111", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "db": "NVD", "id": "CVE-2022-41281" }, { "db": "NVD", "id": "CVE-2022-41281" }, { "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41281" }, { "db": "JVNDB", "id": "JVNDB-2022-023190" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41281", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023190", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3111", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "db": "NVD", "id": "CVE-2022-41281" }, { "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "id": "VAR-202212-1173", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:58:52.389000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217849" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "db": "NVD", "id": "CVE-2022-41281" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41281" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41281/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "db": "NVD", "id": "CVE-2022-41281" }, { "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "db": "NVD", "id": "CVE-2022-41281" }, { "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "date": "2022-12-13T16:15:22.383000", "db": "NVD", "id": "CVE-2022-41281" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:21:00", "db": "JVNDB", "id": "JVNDB-2022-023190" }, { "date": "2023-04-11T10:15:16.827000", "db": "NVD", "id": "CVE-2022-41281" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3111" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3111" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023190" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3111" } ], "trust": 0.6 } }
var-202401-0189
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0189", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.9" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.13" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "db": "NVD", "id": "CVE-2023-51746" } ] }, "cve": "CVE-2023-51746", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-51746", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-51746", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-51746", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "db": "NVD", "id": "CVE-2023-51746" }, { "db": "NVD", "id": "CVE-2023-51746" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-51746" }, { "db": "JVNDB", "id": "JVNDB-2023-024619" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-51746", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-794653", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU92179258", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-011-06", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-024619", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "db": "NVD", "id": "CVE-2023-51746" } ] }, "id": "VAR-202401-0189", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-02T22:35:07.614000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "db": "NVD", "id": "CVE-2023-51746" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92179258/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51746" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-06" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "db": "NVD", "id": "CVE-2023-51746" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "db": "NVD", "id": "CVE-2023-51746" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "date": "2024-01-09T10:15:22.253000", "db": "NVD", "id": "CVE-2023-51746" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T02:55:00", "db": "JVNDB", "id": "JVNDB-2023-024619" }, { "date": "2024-01-11T20:35:08.503000", "db": "NVD", "id": "CVE-2023-51746" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Stack-based buffer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024619" } ], "trust": 0.8 } }
var-202212-1164
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056). Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RAS files. Crafted data in an RAS file can trigger a read past the end of an allocated buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1164", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "NVD", "id": "CVE-2022-45484" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-45484" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-1684" } ], "trust": 0.7 }, "cve": "CVE-2022-45484", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-023517", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2022-45484", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-45484", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-45484", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023517", "trust": 0.8, "value": "Low" }, { "author": "ZDI", "id": "CVE-2022-45484", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202212-3095", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "NVD", "id": "CVE-2022-45484" }, { "db": "NVD", "id": "CVE-2022-45484" }, { "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.9), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.5), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056). Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RAS files. Crafted data in an RAS file can trigger a read past the end of an allocated buffer", "sources": [ { "db": "NVD", "id": "CVE-2022-45484" }, { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "VULMON", "id": "CVE-2022-45484" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-45484", "trust": 4.0 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.9 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023517", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19056", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1684", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202212-3095", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-45484", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "VULMON", "id": "CVE-2022-45484" }, { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "NVD", "id": "CVE-2022-45484" }, { "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "id": "VAR-202212-1164", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:50:28.470000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-700053.html" }, { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228952" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "NVD", "id": "CVE-2022-45484" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45484" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.7, "url": "https://cert-portal.siemens.com/productcert/html/ssa-700053.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-45484/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-20" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "VULMON", "id": "CVE-2022-45484" }, { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "NVD", "id": "CVE-2022-45484" }, { "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-1684" }, { "db": "VULMON", "id": "CVE-2022-45484" }, { "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "db": "NVD", "id": "CVE-2022-45484" }, { "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-21T00:00:00", "db": "ZDI", "id": "ZDI-22-1684" }, { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2022-45484" }, { "date": "2023-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "date": "2022-12-13T16:15:24.680000", "db": "NVD", "id": "CVE-2022-45484" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-21T00:00:00", "db": "ZDI", "id": "ZDI-22-1684" }, { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2022-45484" }, { "date": "2023-11-29T03:02:00", "db": "JVNDB", "id": "JVNDB-2022-023517" }, { "date": "2023-04-11T10:15:17.677000", "db": "NVD", "id": "CVE-2022-45484" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3095" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3095" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023517" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3095" } ], "trust": 0.6 } }
var-202202-0087
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110). Zero Day Initiative To this vulnerability ZDI-CAN-15110 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0087", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.1" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2022" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2.0.7" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.3.0.1" }, { "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.9" }, { "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "NVD", "id": "CVE-2021-44016" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.1", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44016" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "CNNVD", "id": "CNNVD-202202-810" } ], "trust": 1.3 }, "cve": "CVE-2021-44016", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44016", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44016", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-44016", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44016", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-44016", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-810", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "NVD", "id": "CVE-2021-44016" }, { "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110). Zero Day Initiative To this vulnerability ZDI-CAN-15110 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition", "sources": [ { "db": "NVD", "id": "CVE-2021-44016" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "ZDI", "id": "ZDI-22-338" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44016", "trust": 3.9 }, { "db": "ZDI", "id": "ZDI-22-338", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-301589", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-041-07", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-005319", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15110", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022021110", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-810", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "NVD", "id": "CVE-2021-44016" }, { "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "id": "VAR-202202-0087", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:52:28.431000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-301589", "trust": 1.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "title": "Siemens Solid Edge Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=185273" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "NVD", "id": "CVE-2021-44016" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-338/" }, { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44016" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/index.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021110" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "NVD", "id": "CVE-2021-44016" }, { "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-338" }, { "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "db": "NVD", "id": "CVE-2021-44016" }, { "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-338" }, { "date": "2023-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "date": "2022-02-09T16:15:14.163000", "db": "NVD", "id": "CVE-2021-44016" }, { "date": "2022-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-15T00:00:00", "db": "ZDI", "id": "ZDI-22-338" }, { "date": "2023-05-26T08:24:00", "db": "JVNDB", "id": "JVNDB-2022-005319" }, { "date": "2023-06-26T18:54:58.260000", "db": "NVD", "id": "CVE-2021-44016" }, { "date": "2023-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-810" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-810" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-005319" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-810" } ], "trust": 0.6 } }
var-202107-1409
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-843" }, { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "NVD", "id": "CVE-2021-34314" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34314" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-843" } ], "trust": 0.7 }, "cve": "CVE-2021-34314", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34314", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34314", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34314", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34314", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34314", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-890", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34314", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-843" }, { "db": "VULMON", "id": "CVE-2021-34314" }, { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "NVD", "id": "CVE-2021-34314" }, { "db": "CNNVD", "id": "CNNVD-202107-890" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SGI files", "sources": [ { "db": "NVD", "id": "CVE-2021-34314" }, { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "ZDI", "id": "ZDI-21-843" }, { "db": "VULMON", "id": "CVE-2021-34314" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34314", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-843", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009322", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13355", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-890", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34314", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-843" }, { "db": "VULMON", "id": "CVE-2021-34314" }, { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "NVD", "id": "CVE-2021-34314" }, { "db": "CNNVD", "id": "CNNVD-202107-890" } ] }, "id": "VAR-202107-1409", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:15:31.095000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156583" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-843" }, { "db": "VULMON", "id": "CVE-2021-34314" }, { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "CNNVD", "id": "CNNVD-202107-890" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "NVD", "id": "CVE-2021-34314" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-843/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34314" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-843" }, { "db": "VULMON", "id": "CVE-2021-34314" }, { "db": "JVNDB", "id": "JVNDB-2021-009322" }, { "db": "NVD", "id": "CVE-2021-34314" }, { "db": "CNNVD", "id": "CNNVD-202107-890" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-843", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34314", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009322", "ident": null }, { "db": "NVD", "id": "CVE-2021-34314", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-890", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-843", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34314", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009322", "ident": null }, { "date": "2021-07-13T11:15:11.983000", "db": "NVD", "id": "CVE-2021-34314", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-890", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-843", "ident": null }, { "date": "2021-07-19T00:00:00", "db": "VULMON", "id": "CVE-2021-34314", "ident": null }, { "date": "2022-04-20T08:22:00", "db": "JVNDB", "id": "JVNDB-2021-009322", "ident": null }, { "date": "2021-07-27T14:04:37.457000", "db": "NVD", "id": "CVE-2021-34314", "ident": null }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-890", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-890" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009322" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-890" } ], "trust": 0.6 } }
var-202101-0484
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885). Several Siemens products are vulnerable to out-of-bounds writes. Zero Day Initiative To this vulnerability ZDI-CAN-11885 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment.
JT2Go and Teamcenter Visualization have security vulnerabilities
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2020" }, { "_id": null, "model": "solid edge", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "se2021" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "solid edge", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "solid edge viewer", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" }, { "db": "CNVD", "id": "CNVD-2021-02574" }, { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "NVD", "id": "CVE-2020-28383" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" } ], "trust": 1.4 }, "cve": "CVE-2020-28383", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-28383", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02574", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-28383", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-28383", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-28383", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-28383", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-28383", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-28383", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-02574", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-918", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" }, { "db": "CNVD", "id": "CNVD-2021-02574" }, { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "CNNVD", "id": "CNNVD-202101-918" }, { "db": "NVD", "id": "CVE-2020-28383" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885). Several Siemens products are vulnerable to out-of-bounds writes. Zero Day Initiative To this vulnerability ZDI-CAN-11885 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment. \n\r\n\r\nJT2Go and Teamcenter Visualization have security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2020-28383" }, { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" }, { "db": "CNVD", "id": "CNVD-2021-02574" } ], "trust": 3.42 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-28383", "trust": 4.4 }, { "db": "ZDI", "id": "ZDI-21-047", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-21-012-04", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-21-073", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-979834", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-21-054", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015261", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11921", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11885", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02574", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-918", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" }, { "db": "CNVD", "id": "CNVD-2021-02574" }, { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "CNNVD", "id": "CNNVD-202101-918" }, { "db": "NVD", "id": "CVE-2020-28383" } ] }, "id": "VAR-202101-0484", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02574" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02574" } ] }, "last_update_date": "2024-11-23T20:01:36.955000Z", "patch": { "_id": null, "data": [ { "title": "", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "SSA-979834", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Patch for Unspecified vulnerability exists in JT2Go and Teamcenter Visualization (CNVD-2021-02574)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243958" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139393" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" }, { "db": "CNVD", "id": "CNVD-2021-02574" }, { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "CNNVD", "id": "CNNVD-202101-918" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "NVD", "id": "CVE-2020-28383" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-047/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-073/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-054/" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28383" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-073" }, { "db": "ZDI", "id": "ZDI-21-047" }, { "db": "CNVD", "id": "CNVD-2021-02574" }, { "db": "JVNDB", "id": "JVNDB-2020-015261" }, { "db": "CNNVD", "id": "CNNVD-202101-918" }, { "db": "NVD", "id": "CVE-2020-28383" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-073", "ident": null }, { "db": "ZDI", "id": "ZDI-21-047", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02574", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015261", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-918", "ident": null }, { "db": "NVD", "id": "CVE-2020-28383", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-19T00:00:00", "db": "ZDI", "id": "ZDI-21-073", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-047", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02574", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015261", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-918", "ident": null }, { "date": "2021-01-12T21:15:17.853000", "db": "NVD", "id": "CVE-2020-28383", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-19T00:00:00", "db": "ZDI", "id": "ZDI-21-073", "ident": null }, { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-047", "ident": null }, { "date": "2021-02-04T00:00:00", "db": "CNVD", "id": "CNVD-2021-02574", "ident": null }, { "date": "2021-09-15T08:32:00", "db": "JVNDB", "id": "JVNDB-2020-015261", "ident": null }, { "date": "2021-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-918", "ident": null }, { "date": "2024-11-21T05:22:41.487000", "db": "NVD", "id": "CVE-2020-28383", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-918" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Out-of-bounds write vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015261" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-918" } ], "trust": 0.6 } }
var-202107-1377
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13020 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-850" }, { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "NVD", "id": "CVE-2021-34293" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34293" } ] }, "credits": { "_id": null, "data": "xina1i at SecZone", "sources": [ { "db": "ZDI", "id": "ZDI-21-850" } ], "trust": 0.7 }, "cve": "CVE-2021-34293", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34293", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34293", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-34293", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34293", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2021-34293", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-862", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-34293", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-850" }, { "db": "VULMON", "id": "CVE-2021-34293" }, { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "NVD", "id": "CVE-2021-34293" }, { "db": "CNNVD", "id": "CNNVD-202107-862" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020). JT2Go and Teamcenter Visualization There is an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-13020 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GIF files", "sources": [ { "db": "NVD", "id": "CVE-2021-34293" }, { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "ZDI", "id": "ZDI-21-850" }, { "db": "VULMON", "id": "CVE-2021-34293" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34293", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-850", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009346", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13020", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-862", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34293", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-850" }, { "db": "VULMON", "id": "CVE-2021-34293" }, { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "NVD", "id": "CVE-2021-34293" }, { "db": "CNNVD", "id": "CNNVD-202107-862" } ] }, "id": "VAR-202107-1377", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:58:40.532000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156555" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-850" }, { "db": "VULMON", "id": "CVE-2021-34293" }, { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "CNNVD", "id": "CNNVD-202107-862" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "NVD", "id": "CVE-2021-34293" } ] }, "references": { "_id": null, "data": [ { "trust": 2.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-850/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34293" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-850" }, { "db": "VULMON", "id": "CVE-2021-34293" }, { "db": "JVNDB", "id": "JVNDB-2021-009346" }, { "db": "NVD", "id": "CVE-2021-34293" }, { "db": "CNNVD", "id": "CNNVD-202107-862" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-850", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34293", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009346", "ident": null }, { "db": "NVD", "id": "CVE-2021-34293", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-862", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-850", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34293", "ident": null }, { "date": "2022-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009346", "ident": null }, { "date": "2021-07-13T11:15:10.393000", "db": "NVD", "id": "CVE-2021-34293", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-862", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-850", "ident": null }, { "date": "2021-07-27T00:00:00", "db": "VULMON", "id": "CVE-2021-34293", "ident": null }, { "date": "2022-04-20T09:07:00", "db": "JVNDB", "id": "JVNDB-2021-009346", "ident": null }, { "date": "2021-07-27T14:51:56.147000", "db": "NVD", "id": "CVE-2021-34293", "ident": null }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-862", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-862" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009346" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-862" } ], "trust": 0.6 } }
var-202102-0324
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158). JT2Go and Teamcenter Visualization Is vulnerable to a buffer error. Zero Day Initiative To this vulnerability ZDI-CAN-12158 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-229" }, { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "NVD", "id": "CVE-2020-27003" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-27003" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-229" } ], "trust": 0.7 }, "cve": "CVE-2020-27003", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-27003", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27003", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-27003", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-27003", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-27003", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-868", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-229" }, { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "NVD", "id": "CVE-2020-27003" }, { "db": "CNNVD", "id": "CNNVD-202102-868" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158). JT2Go and Teamcenter Visualization Is vulnerable to a buffer error. Zero Day Initiative To this vulnerability ZDI-CAN-12158 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files", "sources": [ { "db": "NVD", "id": "CVE-2020-27003" }, { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "ZDI", "id": "ZDI-21-229" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27003", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-21-229", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015924", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12158", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-868", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-229" }, { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "NVD", "id": "CVE-2020-27003" }, { "db": "CNNVD", "id": "CNNVD-202102-868" } ] }, "id": "VAR-202102-0324", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T10:58:25.436000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141290" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-229" }, { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "CNNVD", "id": "CNNVD-202102-868" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-822", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "NVD", "id": "CVE-2020-27003" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-229/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-229" }, { "db": "JVNDB", "id": "JVNDB-2020-015924" }, { "db": "NVD", "id": "CVE-2020-27003" }, { "db": "CNNVD", "id": "CNNVD-202102-868" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-229", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015924", "ident": null }, { "db": "NVD", "id": "CVE-2020-27003", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-868", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-229", "ident": null }, { "date": "2021-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015924", "ident": null }, { "date": "2021-02-09T17:15:14.140000", "db": "NVD", "id": "CVE-2020-27003", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-868", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-229", "ident": null }, { "date": "2021-10-25T06:28:00", "db": "JVNDB", "id": "JVNDB-2020-015924", "ident": null }, { "date": "2021-03-05T18:54:01.850000", "db": "NVD", "id": "CVE-2020-27003", "ident": null }, { "date": "2021-03-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-868", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-868" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Buffer Error Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015924" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-868" } ], "trust": 0.6 } }
var-202401-0190
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0190", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.9" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.3" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.3.0.6" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.13" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "db": "NVD", "id": "CVE-2023-51745" } ] }, "cve": "CVE-2023-51745", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-51745", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-51745", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-51745", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "db": "NVD", "id": "CVE-2023-51745" }, { "db": "NVD", "id": "CVE-2023-51745" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-51745" }, { "db": "JVNDB", "id": "JVNDB-2023-024620" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-51745", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-794653", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-24-011-06", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92179258", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-024620", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "db": "NVD", "id": "CVE-2023-51745" } ] }, "id": "VAR-202401-0190", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-02-02T22:35:07.666000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "db": "NVD", "id": "CVE-2023-51745" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92179258/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-51745" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-06" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "db": "NVD", "id": "CVE-2023-51745" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "db": "NVD", "id": "CVE-2023-51745" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "date": "2024-01-09T10:15:21.947000", "db": "NVD", "id": "CVE-2023-51745" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-01T02:55:00", "db": "JVNDB", "id": "JVNDB-2023-024620" }, { "date": "2024-01-11T20:39:21.337000", "db": "NVD", "id": "CVE-2023-51745" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Stack-based buffer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-024620" } ], "trust": 0.8 } }
var-202308-0232
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0232", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.10" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "db": "NVD", "id": "CVE-2023-38683" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.10", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38683" } ] }, "cve": "CVE-2023-38683", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-38683", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-38683", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-38683", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "db": "NVD", "id": "CVE-2023-38683" }, { "db": "NVD", "id": "CVE-2023-38683" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.14), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.10), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-38683" }, { "db": "JVNDB", "id": "JVNDB-2023-021429" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38683", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-131450", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU90056839", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-222-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021429", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "db": "NVD", "id": "CVE-2023-38683" } ] }, "id": "VAR-202308-0232", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-01-20T21:24:44.398000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "db": "NVD", "id": "CVE-2023-38683" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90056839/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38683" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "db": "NVD", "id": "CVE-2023-38683" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "db": "NVD", "id": "CVE-2023-38683" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "date": "2023-08-08T10:15:16.983000", "db": "NVD", "id": "CVE-2023-38683" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-19T05:42:00", "db": "JVNDB", "id": "JVNDB-2023-021429" }, { "date": "2023-08-14T18:53:43.780000", "db": "NVD", "id": "CVE-2023-38683" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021429" } ], "trust": 0.8 } }
var-202107-1420
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13421 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.2" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-863" }, { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "NVD", "id": "CVE-2021-34325" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34325" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-863" } ], "trust": 0.7 }, "cve": "CVE-2021-34325", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34325", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34325", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-34325", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34325", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-34325", "trust": 0.7, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-922", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34325", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-863" }, { "db": "VULMON", "id": "CVE-2021-34325" }, { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "NVD", "id": "CVE-2021-34325" }, { "db": "CNNVD", "id": "CNNVD-202107-922" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13421 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-34325" }, { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "ZDI", "id": "ZDI-21-863" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34325" } ], "trust": 2.88 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-34325", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-21-863", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-483182", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-009280", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13421", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-21-194-15", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071508", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-922", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34325", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-863" }, { "db": "VULMON", "id": "CVE-2021-34325" }, { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "NVD", "id": "CVE-2021-34325" }, { "db": "CNNVD", "id": "CNNVD-202107-922" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202107-1420", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:51:19.832000Z", "patch": { "_id": null, "data": [ { "title": "SSA-483182", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156615" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34325 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-863" }, { "db": "VULMON", "id": "CVE-2021-34325" }, { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "CNNVD", "id": "CNNVD-202107-922" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "NVD", "id": "CVE-2021-34325" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-863/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34325" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071508" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-34325" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-863" }, { "db": "VULMON", "id": "CVE-2021-34325" }, { "db": "JVNDB", "id": "JVNDB-2021-009280" }, { "db": "NVD", "id": "CVE-2021-34325" }, { "db": "CNNVD", "id": "CNNVD-202107-922" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-863", "ident": null }, { "db": "VULMON", "id": "CVE-2021-34325", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-009280", "ident": null }, { "db": "NVD", "id": "CVE-2021-34325", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202107-922", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-863", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-34325", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009280", "ident": null }, { "date": "2021-07-13T11:15:12.850000", "db": "NVD", "id": "CVE-2021-34325", "ident": null }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-922", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-19T00:00:00", "db": "ZDI", "id": "ZDI-21-863", "ident": null }, { "date": "2022-10-07T00:00:00", "db": "VULMON", "id": "CVE-2021-34325", "ident": null }, { "date": "2022-04-19T09:35:00", "db": "JVNDB", "id": "JVNDB-2021-009280", "ident": null }, { "date": "2022-10-07T20:47:33.240000", "db": "NVD", "id": "CVE-2021-34325", "ident": null }, { "date": "2022-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-922", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-922" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009280" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-922" } ], "trust": 0.6 } }
var-202101-0351
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897). JT2Go and Teamcenter Visualization Exists in a mistyped vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11897 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,
VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" }, { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v13.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-055" }, { "db": "CNVD", "id": "CNVD-2021-02581" }, { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "NVD", "id": "CVE-2020-26990" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-21-055" } ], "trust": 0.7 }, "cve": "CVE-2020-26990", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-26990", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2021-02581", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-26990", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-26990", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-26990", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-26990", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-26990", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-26990", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-02581", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-847", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-055" }, { "db": "CNVD", "id": "CNVD-2021-02581" }, { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "CNNVD", "id": "CNNVD-202101-847" }, { "db": "NVD", "id": "CVE-2020-26990" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897). JT2Go and Teamcenter Visualization Exists in a mistyped vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11897 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ASM files. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT,\r\n\r\nVFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment", "sources": [ { "db": "NVD", "id": "CVE-2020-26990" }, { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "ZDI", "id": "ZDI-21-055" }, { "db": "CNVD", "id": "CNVD-2021-02581" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-26990", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-055", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-622830", "trust": 2.2 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91685542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015254", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11897", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-02581", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-012-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0125", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-847", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-055" }, { "db": "CNVD", "id": "CNVD-2021-02581" }, { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "CNNVD", "id": "CNNVD-202101-847" }, { "db": "NVD", "id": "CVE-2020-26990" } ] }, "id": "VAR-202101-0351", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-02581" } ], "trust": 0.06 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-02581" } ] }, "last_update_date": "2024-11-23T20:16:35.387000Z", "patch": { "_id": null, "data": [ { "title": "SSA-622830 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "title": "Patch for JT2Go and Teamcenter Visualization incompatible type access resource vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/243979" }, { "title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139358" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-055" }, { "db": "CNVD", "id": "CNVD-2021-02581" }, { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "CNNVD", "id": "CNNVD-202101-847" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-843", "trust": 1.0 }, { "problemtype": "Wrong type (CWE-843) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "NVD", "id": "CVE-2020-26990" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-055/" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26990" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91685542/" }, { "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0125/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-055" }, { "db": "CNVD", "id": "CNVD-2021-02581" }, { "db": "JVNDB", "id": "JVNDB-2020-015254" }, { "db": "CNNVD", "id": "CNNVD-202101-847" }, { "db": "NVD", "id": "CVE-2020-26990" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-055", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-02581", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015254", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202101-847", "ident": null }, { "db": "NVD", "id": "CVE-2020-26990", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-055", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02581", "ident": null }, { "date": "2021-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015254", "ident": null }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-847", "ident": null }, { "date": "2021-01-12T21:15:17.260000", "db": "NVD", "id": "CVE-2020-26990", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-055", "ident": null }, { "date": "2021-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2021-02581", "ident": null }, { "date": "2021-09-15T08:31:00", "db": "JVNDB", "id": "JVNDB-2020-015254", "ident": null }, { "date": "2021-05-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-847", "ident": null }, { "date": "2024-11-21T05:20:38.333000", "db": "NVD", "id": "CVE-2020-26990", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-847" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Vulnerability regarding mistyping in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015254" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-847" } ], "trust": 0.6 } }
var-202102-0327
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12182 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCT files. The Tenda AC18 is a router from the Chinese company Tenda
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "_id": null, "model": "teamcenter visualization", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "13.1.0.1" }, { "_id": null, "model": "jt2go", "scope": null, "trust": 0.7, "vendor": "siemens", "version": null }, { "_id": null, "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.05" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-232" }, { "db": "CNVD", "id": "CNVD-2022-75821" }, { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "NVD", "id": "CVE-2020-27006" } ] }, "credits": { "_id": null, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-232" } ], "trust": 0.7 }, "cve": "CVE-2020-27006", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2020-27006", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2022-75821", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-27006", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-27006", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-27006", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-27006", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-27006", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-27006", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-75821", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-864", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-232" }, { "db": "CNVD", "id": "CNVD-2022-75821" }, { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "CNNVD", "id": "CNNVD-202102-864" }, { "db": "NVD", "id": "CVE-2020-27006" } ] }, "description": { "_id": null, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12182 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCT files. The Tenda AC18 is a router from the Chinese company Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-27006" }, { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "ZDI", "id": "ZDI-21-232" }, { "db": "CNVD", "id": "CNVD-2022-75821" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-27006", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-21-232", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-663999", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015914", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12182", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-75821", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-040-06", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0495", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-864", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-232" }, { "db": "CNVD", "id": "CNVD-2022-75821" }, { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "CNNVD", "id": "CNNVD-202102-864" }, { "db": "NVD", "id": "CVE-2020-27006" } ] }, "id": "VAR-202102-0327", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-75821" } ], "trust": 1.00125 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75821" } ] }, "last_update_date": "2024-11-23T20:13:55.452000Z", "patch": { "_id": null, "data": [ { "title": "SSA-663999", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "title": "Siemens has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "title": "JT2Go Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141286" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-232" }, { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "CNNVD", "id": "CNNVD-202102-864" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "NVD", "id": "CVE-2020-27006" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-232/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27006" }, { "trust": 1.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91083521/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0495" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-232" }, { "db": "CNVD", "id": "CNVD-2022-75821" }, { "db": "JVNDB", "id": "JVNDB-2020-015914" }, { "db": "CNNVD", "id": "CNNVD-202102-864" }, { "db": "NVD", "id": "CVE-2020-27006" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-232", "ident": null }, { "db": "CNVD", "id": "CNVD-2022-75821", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-015914", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202102-864", "ident": null }, { "db": "NVD", "id": "CVE-2020-27006", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-232", "ident": null }, { "date": "2022-11-10T00:00:00", "db": "CNVD", "id": "CNVD-2022-75821", "ident": null }, { "date": "2021-10-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015914", "ident": null }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-864", "ident": null }, { "date": "2021-02-09T17:15:14.343000", "db": "NVD", "id": "CVE-2020-27006", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-02-24T00:00:00", "db": "ZDI", "id": "ZDI-21-232", "ident": null }, { "date": "2022-11-10T00:00:00", "db": "CNVD", "id": "CNVD-2022-75821", "ident": null }, { "date": "2021-10-22T08:12:00", "db": "JVNDB", "id": "JVNDB-2020-015914", "ident": null }, { "date": "2021-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-864", "ident": null }, { "date": "2024-11-21T05:20:40.170000", "db": "NVD", "id": "CVE-2020-27006", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-864" } ], "trust": 0.6 }, "title": { "_id": null, "data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015914" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-864" } ], "trust": 0.6 } }