JT2Go and Teamcenter Visualization Vulnerabilities
CVE-2024-34085

7.8HIGH

Key Information:

Vendor
Siemens
Status
Jt2go
Teamcenter Visualization V14.1
Teamcenter Visualization V14.2
Teamcenter Visualization V14.3
Vendor
CVE Published:
14 May 2024

Summary

A stack overflow vulnerability has been identified in the JT2Go application and multiple versions of Teamcenter Visualization by Siemens. This vulnerability arises when these applications parse specially crafted XML files, potentially allowing an attacker to execute arbitrary code within the context of the affected process. The vulnerability affects JT2Go in all versions prior to V2312.0001, along with Teamcenter Visualization versions V14.1, V14.2, V14.3, and V2312, all of which require specific version updates to mitigate the risk. Organizations utilizing these products should prioritize updating to the latest versions to protect against potential exploitation.

Affected Version(s)

JT2Go 0

Teamcenter Visualization V14.1 0

Teamcenter Visualization V14.2 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6615...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.