Lucene search

SiemensVULNRICHMENT:CVE-2024-26277

HistoryApr 09, 2024 - 8:34 a.m.

CVE-2024-26277

2024-04-0908:34:38

CWE-476

siemens

github.com

vulnerability

jt2go

parasolid

teamcenter visualization

versions

denial of service

crafted x_t file

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.8 Medium

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "JT2Go",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2312.0004",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V35.1.254",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V36.0",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V36.0.207",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V36.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V36.1.147",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V14.3.0.9",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V2312",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2312.0004",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-222019.html

cert-portal.siemens.com/productcert/html/ssa-771940.html

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.8 Medium

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-26277