Out of Bounds Read in JT Open and JT Utilities by Siemens
CVE-2023-30796

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt Open; Jt Utilities
Vendor: CVE Published:; 8 August 2023

Summary

A security vulnerability has been detected in JT Open and JT Utilities, where an out of bounds read can occur when parsing specially crafted JT files. This flaw affects all versions of JT Open prior to V11.4 and JT Utilities prior to V13.4. Attackers could exploit this vulnerability to read data beyond allocated buffers, potentially executing arbitrary code within the current process context. Users of these applications should take immediate precautions to mitigate associated risks.

Affected Version(s)

JT Open All versions < V11.4

JT Utilities All versions < V13.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-00156...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Apr 18, 2023