A vulnerability was found in Siemens JT2Go and Teamcenter Visualization (version unknown) and classified as critical. This issue affects an unknown function in the library CGM_NIST_Loader.dll of the component CGM File Handler. The manipulation with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

The weakness was disclosed 12/13/2022 as ssa-700053. The advisory is shared at cert-portal.siemens.com. The identification of this vulnerability is CVE-2022-41281 since 09/21/2022. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/08/2023).

Upgrading eliminates this vulnerability.

The entries VDB-215535, VDB-215536, VDB-215538 and VDB-215539 are pretty similar.

Productinfo

Vendor

• Siemens

Name

• JT2Go
• Teamcenter Visualization

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion