2715 matches found
PT-2022-25786 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.6; Teamcenter Visualization V13.2 versions prior to 13.2.0.12; Teamcenter Visualization V13.3 versions prior to 13.3.0.8; Teamcenter Visualization V14.0 versions prior to 14.0.0.4; Teamcenter Visualization V14.1...
CVE-2022-41286
Summary: CVE-2022-41286 affects Siemens JT2Go and Teamcenter Visualization (versions listed in sources) where the CGM_NIST_Loader.dll parses CGM files and can perform an out-of-bounds write, enabling code execution in the current process. Affected portions include JT2Go (all versions < 14.1.0....
PT-2022-6394 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: APDFL.dll, affected versions not specified. Description: The issue is related to an out-of-bounds write past a fixed-length heap-based buffer in the APDFL.dll while parsing specially crafted PDF files. This could allow an attacker to execute co...
PT-2022-25787 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.6; Teamcenter Visualization V13.2 versions prior to 13.2.0.12; Teamcenter Visualization V13.3 versions prior to 13.3.0.8; Teamcenter Visualization V14.0 versions prior to 14.0.0.4; Teamcenter Visualization V14.1...
PT-2022-25791 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.6; Teamcenter Visualization V13.2 versions prior to 13.2.0.12; Teamcenter Visualization V13.3 versions prior to 13.3.0.8; Teamcenter Visualization V14.0 versions prior to 14.0.0.4; Teamcenter Visualization V14.1...
PT-2022-25792 · Siemens · Jt2Go +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.6; Teamcenter Visualization V13.2 versions prior to 13.2.0.12; Teamcenter Visualization V13.3 versions prior to 13.3.0.8; Teamcenter Visualization V14.0 versions prior to 14.0.0.4; Teamcenter Visualization V14.1...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Siemens; Equipment: Teamcenter Visualization and JT2Go; Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION...
CVE-2022-41284
CVE-2022-41284 affects Siemens JT2Go and Teamcenter Visualization: CGM_NIST_Loader.dll out-of-bounds read when parsing CGM files, enabling code execution in the current process. Affected: JT2Go all versions; Teamcenter Visualization V13.2 before 13.2.0.12; V13.3 before 13.3.0.8; V14.0 before 14.0...
CVE-2022-41285
CVE-2022-41285 concerns a use-after-free vulnerability in the CGM_NIST_Loader.dll across Siemens JT2Go and Teamcenter Visualization versions (JT2Go < 14.1.0.6; Teamcenter Visualization V13.2 < 13.2.0.12; V13.3 < 13.3.0.8; V14.0 < 14.0.0.4; V14.1
CVE-2022-41287
CVE-2022-41287 describes a divide-by-zero vulnerability in CGM_NIST_Loader.dll when parsing CGM files, affecting JT2Go and Teamcenter Visualization: JT2Go versions before 14.1.0.6; Teamcenter Visualization V13.2 before 13.2.0.12; V13.3 before 13.3.0.8; V14.0 before 14.0.0.4; V14.1 before 14.1.0.6...
CVE-2022-41280
Siemens VT/JT2Go are affected by a null pointer dereference in CGM_NIST_Loader.dll when parsing specially crafted CGM files. Affected products include JT2Go (all versions < 14.1.0.6) and Teamcenter Visualization (V13.2 < 13.2.0.12, V13.3 < 13.3.0.8, V14.0 < 14.0.0.4, V14.1
PT-2022-25785 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.6; Teamcenter Visualization V13.2 versions prior to 13.2.0.12; Teamcenter Visualization V13.3 versions prior to 13.3.0.8; Teamcenter Visualization V14.0 versions prior to 14.0.0.4; Teamcenter Visualization V14.1...
CVE-2022-41947
CVE-2022-41947 describes a cross-site scripting (XSS) vulnerability in DHIS 2 core where an authenticated user can upload a file containing embedded JavaScript, which could be triggered when another authenticated user opens the file in a browser. Affected versions are DHIS 2 prior to 2.36.12.1, 2...
CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded JavaScript. The user could then potentially trick another authenticated...
CVE-2022-41949
CVE-2022-41949 affects DHIS 2 core. An authenticated DHIS2 user can craft a request that makes the server fetch external resources, enabling a semi‑blind Server-Side Request Forgery (SSRF) in the dhis2-core component. This can allow an attacker to identify vulnerable services not publicly exposed...
GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability
GE CIMPLICITY HMI/SCADA Software is an automated industrial platform from General Electric (GE). It provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. A buffer overflow...
PT-2022-25936 · Tibco Software · Tibco Spotfire Desktop +3
Name of the Vulnerable Software and Affected Versions: TIBCO Spotfire Analyst versions 11.4.4 and below; TIBCO Spotfire Analyst versions 11.5.0 through 12.1.0; TIBCO Spotfire Analytics Platform for AWS Marketplace versions 12.1.0 and below; TIBCO Spotfire Desktop versions 11.4.4 and below; TIBCO...
FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Versions of Grafana for...
Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability (CNVD-2022-75548)
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. Teamcenter Visualization enables companies to enhance their product lifecycle management (PLM) environments with a comprehensive family of visualization solutions. The...