Null Pointer Dereference Vulnerability in Siemens Visualization Products
CVE-2022-41278

3.3LOW

Key Information:

Vendor: Siemens
Status: Jt2go; Teamcenter Visualization V13.2; Teamcenter Visualization V13.3; Teamcenter Visualization V14.0
Vendor: CVE Published:; 13 December 2022

Summary

A null pointer dereference vulnerability exists in the CGM_NIST_Loader.dll of Siemens JT2Go and Teamcenter Visualization applications, which are present in multiple versions prior to specified thresholds. This flaw can be exploited when specially crafted CGM files are parsed, potentially leading to application crashes and denial of service. Users of affected products should update to the appropriate versions to mitigate this risk.

Affected Version(s)

JT2Go All versions < V14.1.0.6

Teamcenter Visualization V13.2 All versions < V13.2.0.12

Teamcenter Visualization V13.3 All versions < V13.3.0.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70005...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Sep 21, 2022