Out of Bounds Read Vulnerability in JT Utilities and JTTK by Siemens
CVE-2021-44431

3.3LOW

Key Information:

Vendor: Siemens
Status: Jt Utilities; Jttk
Vendor: CVE Published:; 14 December 2021

Summary

An out of bounds read vulnerability exists in Siemens' JT Utilities and JTTK, affecting all versions prior to V13.1.1.0 and V11.1.1.0 respectively. This issue arises when the JTTK library processes specially crafted JT files, leading to potential information leakage beyond the bounds of allocated memory. Attackers may exploit this vulnerability to gain unauthorized access to sensitive data in the context of the current process, highlighting the need for updates and security measures.

Affected Version(s)

JT Utilities All versions < V13.1.1.0

JTTK All versions < V11.1.1.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-80257...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2021
Vulnerability Reserved
Nov 30, 2021