Buffer Overflow Vulnerability in Siemens PDF Processing Component
CVE-2022-3159

7.8HIGH

Key Information:

Vendor

Siemens
Status
Jt2go
Teamcenter Visualization V13.3
Teamcenter Visualization V14.0
Teamcenter Visualization V14.1
Vendor
CVE Published:
13 January 2023

What is CVE-2022-3159?

The APDFL.dll component in Siemens products is susceptible to a stack-based buffer overflow when processing specially crafted PDF files. This vulnerability allows an attacker to potentially execute arbitrary code within the context of the running process, posing a significant risk. Users are urged to review and apply the latest security updates to mitigate possible exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JT2Go 0 < 14.1.0.5

Teamcenter Visualization V13.3 0 < 13.3.0.8

Teamcenter Visualization V14.0 0 < 14.0.0.4

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15
https://cert-portal.siemens.com/productcert/html/ssa-3606...
https://cert-portal.siemens.com/productcert/csaf/ssa-3606...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Heinz and Nafiez reported these vulnerabilities to Siemens. 
JSON
.