Use-After-Free Vulnerability in JT2Go and Teamcenter Visualization by Siemens
CVE-2022-41663

7.8HIGH

Key Information:

Vendor
Siemens
Status
Jt2go
Teamcenter Visualization V13.2
Teamcenter Visualization V13.3
Teamcenter Visualization V14.0
Vendor
CVE Published:
8 November 2022

Summary

A use-after-free vulnerability exists in JT2Go and several versions of Teamcenter Visualization, allowing attackers to exploit specially crafted CGM files. Successfully exploiting this flaw could enable the attacker to execute arbitrary code within the context of the process. Users of the affected versions are advised to upgrade to prevent potential exploitation.

Affected Version(s)

JT2Go All versions < V14.1.0.4

Teamcenter Visualization V13.2 All versions < V13.2.0.12

Teamcenter Visualization V13.3 All versions < V13.3.0.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-12037...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.