CVE-2022-29030

2022-05-1009:47:08

CWE-680

siemens

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

JSON

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CNA Affected

[
  {
    "product": "JT2Go",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.3.0.3"
      }
    ]
  },
  {
    "product": "Teamcenter Visualization V13.3",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.3.0.3"
      }
    ]
  },
  {
    "product": "Teamcenter Visualization V14.0",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V14.0.0.1"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf