Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Products
CVE-2023-51439

7.8HIGH

Key Information:

Vendor: Siemens
Status: JT2Go; Teamcenter Visualization V13.3; Teamcenter Visualization V14.1; Teamcenter Visualization V14.2
Vendor: CVE Published:; 9 January 2024

Summary

A vulnerability has been identified in Siemens' JT2Go and Teamcenter Visualization applications, characterized by an out of bounds read error triggered during the parsing of specially crafted CGM files. This flaw affects multiple versions of these products, potentially allowing an attacker to execute code within the context of the running process. Users of JT2Go and various Teamcenter Visualization versions are advised to update to the latest patches to mitigate this security risk.

Affected Version(s)

JT2Go All versions < V14.3.0.6

Teamcenter Visualization V13.3 All versions < V13.3.0.13

Teamcenter Visualization V14.1 All versions < V14.1.0.12

References

https://cert-portal.siemens.com/productcert/pdf/ssa-79465...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Dec 19, 2023