CVE-2023-33124

2023-06-1309:15:18

CWE-787

CWE-119

[email protected]

web.nvd.nist.gov

vulnerability

jt2go

teamcenter visualization

memory corruption

cgm files

code execution

cve-2023-33124

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

19.3%

JSON

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

Affected configurations

NVD

Node

siemensjt2goRange<14.2.0.3

siemensteamcenter_visualizationRange13.2.0–13.2.0.13

siemensteamcenter_visualizationRange13.3.0–13.3.0.10

siemensteamcenter_visualizationRange14.0–14.0.0.6

siemensteamcenter_visualizationRange14.1–14.1.0.8

siemensteamcenter_visualizationRange14.2–14.2.0.3

CPENameOperatorVersion
siemens:jt2gosiemens jt2golt14.2.0.3
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt13.2.0.13
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt13.3.0.10
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt14.0.0.6
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt14.1.0.8
siemens:teamcenter_visualizationsiemens teamcenter visualizationlt14.2.0.3

CPE	Name	Operator	Version
siemens:jt2go	siemens jt2go	lt	14.2.0.3
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	13.2.0.13
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	13.3.0.10
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	14.0.0.6
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	14.1.0.8
siemens:teamcenter_visualization	siemens teamcenter visualization	lt	14.2.0.3

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "JT2Go",
    "versions": [
      {
        "version": "All versions < V14.2.0.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V13.2",
    "versions": [
      {
        "version": "All versions < V13.2.0.13",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V13.3",
    "versions": [
      {
        "version": "All versions < V13.3.0.10",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.0",
    "versions": [
      {
        "version": "All versions < V14.0.0.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.1",
    "versions": [
      {
        "version": "All versions < V14.1.0.8",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.2",
    "versions": [
      {
        "version": "All versions < V14.2.0.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]