Out-of-Bounds Write Vulnerability in APDFL.dll Affects Siemens Products
CVE-2022-3160

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt2go; Teamcenter Visualization V13.3; Teamcenter Visualization V14.0; Teamcenter Visualization V14.1
Vendor: CVE Published:; 13 January 2023

Summary

The APDFL.dll component used in Siemens products contains a vulnerability that allows for an out-of-bounds write condition. This arises when processing specially crafted PDF files, leading to potential execution of arbitrary code within the current process. Attackers can exploit this flaw to manipulate the heap, enabling unauthorized operations that may compromise system integrity and security.

Affected Version(s)

JT2Go 0 < 14.1.0.5

Teamcenter Visualization V13.3 0 < 13.3.0.8

Teamcenter Visualization V14.0 0 < 14.0.0.4

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15

https://cert-portal.siemens.com/productcert/html/ssa-3606...

https://cert-portal.siemens.com/productcert/csaf/ssa-3606...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Sep 7, 2022

Credit

Michael Heinz and Nafiez reported these vulnerabilities to Siemens.