CVE-2022-45484

2022-12-1316:15:24

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-45484

vulnerability

jt2go

teamcenter visualization

code execution

security

out of bounds read

zdi-can-19056

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)

Affected configurations

NVD

Node

siemensjt2go

siemensteamcenter_visualizationRange13.2.0–13.2.0.12

siemensteamcenter_visualizationRange13.3.0–13.3.0.8

siemensteamcenter_visualizationRange14.0–14.0.0.4

siemensteamcenter_visualizationRange14.1–14.1.0.6

CPENameOperatorVersion
siemens:jt2gosiemens jt2goeq*
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt13.2.0.12
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt13.3.0.8
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt14.0.0.4
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt14.1.0.6

CPE	Name	Operator	Version
siemens:jt2go	siemens jt2go	eq	*
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	13.2.0.12
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	13.3.0.8
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	14.0.0.4
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	14.1.0.6

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "JT2Go",
    "versions": [
      {
        "version": "All versions < V14.1.0.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V13.2",
    "versions": [
      {
        "version": "All versions < V13.2.0.12",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V13.3",
    "versions": [
      {
        "version": "All versions < V13.3.0.9",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V13.3",
    "versions": [
      {
        "version": "All versions < V13.3.0.8",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.0",
    "versions": [
      {
        "version": "All versions < V14.0.0.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.0",
    "versions": [
      {
        "version": "All versions < V14.0.0.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.1",
    "versions": [
      {
        "version": "All versions < V14.1.0.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]