Design/Logic Flaw

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker...

Design/Logic Flaw

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

Memory corruption

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this...

Design/Logic Flaw

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

Design/Logic Flaw

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker...

Design/Logic Flaw

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVE-2020-28394

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVE-2020-27007

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVE-2020-27008

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVE-2020-27007

CVE-2020-27007 affects Siemens JT2Go and Teamcenter Visualization (all versions before v13.1.0.1). The issue is an out-of-bounds read when parsing HPG files due to insufficient validation of user-supplied data, which can disclose data in the context of the current process. ZDI advisories describe...

CVE-2020-27008

CVE-2020-27008 affects Siemens JT2Go and Teamcenter Visualization: all versions before 13.1.0.1 fail to validate user-supplied data when parsing PLT files, resulting in an out-of-bounds read/past-the-end memory access in the current process context. Public disclosures characterize it as an inform...

CVE-2020-28394

Siemens JT2Go and Teamcenter Visualization are affected by CVE-2020-28394 (RAS file parsing) where improper validation can cause an out-of-bounds read, potentially exposing data in the current process. Affected versions are JT2Go and Teamcenter Visualization prior to v13.1.0.1. The issue allows i...

CVE-2020-26998

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVE-2020-27000

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this...

CVE-2020-27006

Siemens JT2Go (before 13.1.0.1) and Teamcenter Visualization (before 13.1.0.1) are affected by CVE-2020-27006 due to improper validation while parsing PCT files, causing a memory corruption condition that could allow code execution in the context of the current process. Connected advisories confi...

CVE-2020-26998

CVE-2020-26998 affects Siemens JT2Go (all versions) and Teamcenter Visualization prior to 13.1.0.2. The vulnerability is an out-of-bounds read when parsing PAR files, which can leak information. ZDI advisories additionally describe a remote-code-execution angle via crafted PAR/ASM inputs. Siemens...

CVE-2020-27000

CVE-2020-27000 affects Siemens JT2Go (all versions < 13.1.0.1) and Teamcenter Visualization (all versions

CVE-2020-27005

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. A...

CVE-2020-27002

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVE-2020-27001

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this...