CVE-2022-41283

Description

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Physical

Changed

Affected products

Siemens / JT2GoAll versions < V14.1.0.6 – All versions < V14.1.0.6
Siemens / Teamcenter Visualization V13.2All versions < V13.2.0.12 – All versions < V13.2.0.12
Siemens / Teamcenter Visualization V13.3All versions < V13.3.0.8 – All versions < V13.3.0.8
Siemens / Teamcenter Visualization V14.0All versions < V14.0.0.4 – All versions < V14.0.0.4
Siemens / Teamcenter Visualization V14.1All versions < V14.1.0.6 – All versions < V14.1.0.6

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf