Memory Corruption Vulnerability in Siemens APDFL.dll
CVE-2022-3161

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt2go; Teamcenter Visualization V13.3; Teamcenter Visualization V14.0; Teamcenter Visualization V14.1
Vendor: CVE Published:; 13 January 2023

Summary

The vulnerability in APDFL.dll arises from improper handling of specially crafted PDF files, which can lead to memory corruption. If exploited, this flaw enables an attacker to execute arbitrary code within the context of the vulnerable process, potentially compromising system integrity and security.

Affected Version(s)

JT2Go 0 < 14.1.0.5

Teamcenter Visualization V13.3 0 < 13.3.0.8

Teamcenter Visualization V14.0 0 < 14.0.0.4

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15

https://cert-portal.siemens.com/productcert/html/ssa-3606...

https://cert-portal.siemens.com/productcert/csaf/ssa-3606...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Sep 7, 2022

Credit

Michael Heinz and Nafiez reported these vulnerabilities to Siemens.