Null Pointer Dereference in Siemens Applications
CVE-2024-37996

4.8MEDIUM

Key Information:

Vendor: Siemens
Status: Jt Open; Jt2go; Plm Xml Sdk; Teamcenter Visualization V14.2
Vendor: CVE Published:; 9 July 2024

Summary

A critical vulnerability exists within various Siemens applications, including JT Open, JT2Go, and Teamcenter Visualization, which are susceptible to null pointer dereference. This issue arises when the applications process specially crafted XML files. An attacker could exploit this weakness to trigger application crashes, ultimately leading to a denial of service. It is imperative for users to update to the latest versions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

JT Open 0

JT2Go 0

PLM XML SDK 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8248...

https://cert-portal.siemens.com/productcert/html/ssa-9592...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jul 9, 2024