Buffer Overflow Vulnerability in Siemens PDF Processing Component
CVE-2022-3159

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt2go; Teamcenter Visualization V13.3; Teamcenter Visualization V14.0; Teamcenter Visualization V14.1
Vendor: CVE Published:; 13 January 2023

Summary

The APDFL.dll component in Siemens products is susceptible to a stack-based buffer overflow when processing specially crafted PDF files. This vulnerability allows an attacker to potentially execute arbitrary code within the context of the running process, posing a significant risk. Users are urged to review and apply the latest security updates to mitigate possible exploitation.

Affected Version(s)

JT2Go 0 < 14.1.0.5

Teamcenter Visualization V13.3 0 < 13.3.0.8

Teamcenter Visualization V14.0 0 < 14.0.0.4

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15

https://cert-portal.siemens.com/productcert/html/ssa-3606...

https://cert-portal.siemens.com/productcert/csaf/ssa-3606...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Sep 7, 2022

Credit

Michael Heinz and Nafiez reported these vulnerabilities to Siemens.