A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Siemens
  • Teamcenter Visualization
  • Jt2go

Configuration 1 [-]

OR cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-11-08T00:00:00

Updated: 2023-06-13T08:16:47.803Z

Reserved: 2022-09-01T00:00:00

Link: CVE-2022-39136

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2022-11-08T11:15:11.247

Modified: 2023-06-13T09:15:14.517

Link: CVE-2022-39136

JSON object: View

cve-icon Redhat Information

No data.

CWE