Memory Corruption in JT Open and Solid Edge by Siemens
CVE-2022-47935

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt Open; Jt Utilities; Solid Edge
Vendor: CVE Published:; 10 January 2023

What is CVE-2022-47935?

A memory corruption vulnerability exists in the JT Open and Solid Edge software due to improper processing of specially crafted JT files. This flaw is present in versions of JT Open earlier than V11.1.1.0, JT Utilities earlier than V13.1.1.0, and Solid Edge before V2023. An attacker could exploit this vulnerability to execute arbitrary code within the context of the affected application, potentially compromising system integrity and security.

Affected Version(s)

JT Open All versions < V11.1.1.0

JT Utilities All versions < V13.1.1.0

Solid Edge All versions < V2023

References

https://cert-portal.siemens.com/productcert/pdf/ssa-93621...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Dec 23, 2022