Siemens JT2Go

🗓️ 08 Oct 2024 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

Siemens JT2Go, CISA no longer updates ICS security advisories. Vulnerability in JT2Go allows stack-based buffer overflow. Update to V2406.0003. Protect network access and avoid untrusted PDF files

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the 3D viewing tool JT and JT2Go lies in the overflow of buffers in the stack, allowing attackers to execute arbitrary code.	12 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-41902	10 Oct 202412:00	–	circl
CNNVD	Siemens JT2GO 安全漏洞	8 Oct 202400:00	–	cnnvd
CNVD	Siemens JT2Go Stack Buffer Overflow Vulnerability	10 Oct 202400:00	–	cnvd
CVE	CVE-2024-41902	8 Oct 202408:40	–	cve
Cvelist	CVE-2024-41902	8 Oct 202408:40	–	cvelist
EUVD	EUVD-2024-39260	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens products	8 Oct 202413:49	–	ncsc
NVD	CVE-2024-41902	8 Oct 202409:15	–	nvd
Positive Technologies	PT-2024-7808 · Jt2Go · Jt2Go	23 Jul 202400:00	–	ptsecurity

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-626178.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-626178.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-284-07.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-284-07
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

08 Oct 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.8

CVSS 47.3

EPSS0.00089

SSVC