Memory Corruption in JT Open and JT Utilities by Siemens
CVE-2022-47977

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt Open; Jt Utilities
Vendor: CVE Published:; 14 February 2023

Summary

A memory corruption vulnerability has been discovered in Siemens JT Open and JT Utilities, affecting all versions prior to V11.2.3.0 and V13.2.3.0 respectively. This vulnerability arises from the improper parsing of specially crafted JT files, which may enable an attacker to execute arbitrary code in the context of the affected process, potentially compromising system integrity.

Affected Version(s)

JT Open All versions < V11.2.3.0

JT Utilities All versions < V13.2.3.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-83677...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 28, 2022