CVE-2022-41280

LOW3.3Memory safety

Description

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Physical

Changed

Affected products

Siemens / JT2GoAll versions < V14.1.0.6 – All versions < V14.1.0.6
Siemens / Teamcenter Visualization V13.2All versions < V13.2.0.12 – All versions < V13.2.0.12
Siemens / Teamcenter Visualization V13.3All versions < V13.3.0.8 – All versions < V13.3.0.8
Siemens / Teamcenter Visualization V14.0All versions < V14.0.0.4 – All versions < V14.0.0.4
Siemens / Teamcenter Visualization V14.1All versions < V14.1.0.6 – All versions < V14.1.0.6

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf