Parasolid Vulnerability Could Allow Execution of Code
CVE-2024-26275

7.8HIGH

Key Information:

Vendor: Siemens
Status: Jt2go; Parasolid V35.1; Parasolid V36.0; Parasolid V36.1
Vendor: CVE Published:; 9 April 2024

Summary

A serious vulnerability has been found in Siemens JT2Go and Teamcenter Visualization products, whereby an out of bounds read condition exists when parsing malformed X_T files. This flaw allows attackers to potentially execute arbitrary code within the context of the affected process, which could lead to unauthorized actions and compromised systems. Users of JT2Go and Teamcenter Visualization should apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

JT2Go 0

Parasolid V35.1 0

Parasolid V36.0 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2220...

https://cert-portal.siemens.com/productcert/html/ssa-7719...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Feb 15, 2024