Uninitialized Pointer Reference Vulnerability in Siemens JTTK and Simcenter Femap
CVE-2022-41851

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jttk; Simcenter Femap V2022.1; Simcenter Femap V2022.2
Vendor: CVE Published:; 11 October 2022

Summary

The JTTK library and Siemens Simcenter Femap have been identified with a vulnerability that arises from an uninitialized pointer reference during the parsing of specially crafted JT files. This flaw could enable an attacker to execute arbitrary code in the context of the process executing the JTTK library. Systems running affected versions are at risk, necessitating immediate attention to mitigate potential exploitation.

Affected Version(s)

JTTK All versions < V11.1.1.0

Simcenter Femap V2022.1 All versions < V2022.1.3

Simcenter Femap V2022.2 All versions < V2022.2.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-61175...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 30, 2022