CVE-2023-30796

2023-08-0810:15:15

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-30796

vulnerability

jt open

jt utilities

out of bounds read

security issue

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

19.6%

JSON

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Affected configurations

NVD

Node

siemensjt_open_toolkitRange<11.4

siemensjt_utilitiesRange<13.4

CPENameOperatorVersion
siemens:jt_open_toolkitsiemens jt open toolkitlt11.4
siemens:jt_utilitiessiemens jt utilitieslt13.4

CPE	Name	Operator	Version
siemens:jt_open_toolkit	siemens jt open toolkit	lt	11.4
siemens:jt_utilities	siemens jt utilities	lt	13.4

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "JT Open",
    "versions": [
      {
        "version": "All versions < V11.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "JT Utilities",
    "versions": [
      {
        "version": "All versions < V13.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]