CVE-2022-41283
Published on: Not Yet Published
Last Modified on: 04/11/2023 10:15:00 AM UTC
Certain versions of Jt2go from Siemens contain the following vulnerability:
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
- CVE-2022-41283 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Siemens - JT2Go version = All versions < V14.1.0.6
- Affected Vendor/Software: Siemens - Teamcenter Visualization V13.2 version = All versions < V13.2.0.12
- Affected Vendor/Software: Siemens - Teamcenter Visualization V13.3 version = All versions < V13.3.0.8
- Affected Vendor/Software: Siemens - Teamcenter Visualization V14.0 version = All versions < V14.0.0.4
- Affected Vendor/Software: Siemens - Teamcenter Visualization V14.1 version = All versions < V14.1.0.6
CVSS3 Score: 7.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
cert-portal.siemens.com application/pdf | MISC cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf |
Related QID Numbers
- 591337 Siemens JT2Go Multiple Vulnerabilities (ICSA-22-349-20,SSA-700053)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Siemens | Jt2go | - | All | All | All |
Application | Siemens | Teamcenter Visualization | All | All | All | All |
- cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*:
- cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | cve.report/CVE-2022-41283 A vulnerability has been identified in JT2Go All versions , Teamcenter Visualization V13.… twitter.com/i/web/status/1… | 2022-12-13 17:21:05 |