Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Products
CVE-2023-51744

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: JT2Go; Teamcenter Visualization V13.3; Teamcenter Visualization V14.1; Teamcenter Visualization V14.2
Vendor: CVE Published:; 9 January 2024

Summary

A significant vulnerability exists in JT2Go and various versions of Teamcenter Visualization due to a null pointer dereference issue during the processing of specially crafted CGM files. This flaw can be exploited by an attacker to disrupt the application's functionality, potentially leading to a denial of service scenario where the application crashes when processing harmful CGM data.

Affected Version(s)

JT2Go All versions < V14.3.0.6

Teamcenter Visualization V13.3 All versions < V13.3.0.13

Teamcenter Visualization V14.1 All versions < V14.1.0.12

References

https://cert-portal.siemens.com/productcert/pdf/ssa-79465...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Dec 22, 2023