A vulnerability classified as critical was found in Siemens JT2Go and Teamcenter Visualization (unknown version). This vulnerability affects an unknown code block in the library CGM_NIST_Loader.dll of the component CGM File Handler. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

The weakness was disclosed 12/13/2022 as ssa-700053. The advisory is available at cert-portal.siemens.com. This vulnerability was named CVE-2022-41286 since 09/21/2022. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 01/08/2023).

Upgrading eliminates this vulnerability.

The entries VDB-215535, VDB-215536, VDB-215537 and VDB-215538 are pretty similar.

Productinfo

Vendor

• Siemens

Name

• JT2Go
• Teamcenter Visualization

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion