Null Pointer Dereference in Siemens Applications
CVE-2024-37996

3.3LOW

Key Information:

Vendor: Siemens
Status: Jt Open; Jt2go; Plm Xml Sdk; Teamcenter Visualization V14.2
Vendor: CVE Published:; 9 July 2024

Summary

A critical vulnerability exists within various Siemens applications, including JT Open, JT2Go, and Teamcenter Visualization, which are susceptible to null pointer dereference. This issue arises when the applications process specially crafted XML files. An attacker could exploit this weakness to trigger application crashes, ultimately leading to a denial of service. It is imperative for users to update to the latest versions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

JT Open 0

JT2Go 0

PLM XML SDK 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8248...

https://cert-portal.siemens.com/productcert/html/ssa-9592...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024