First published: Tue Dec 14 2021
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103)
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens JT2Go | <13.2.0.5 | 13.2.0.5 |
Siemens Teamcenter Visualization | <13.2.0.5 | 13.2.0.5 |
The severity of CVE-2021-44013 is high with a CVSS score of 7.8.
CVE-2021-44013 affects Siemens JT2Go and Teamcenter Visualization versions before 13.2.0.5; version 13.2.0.5 contains the fix.
CVE-2021-44013 allows remote attackers to execute arbitrary code by exploiting a flaw in the parsing of JT files in Siemens JT2Go.
To exploit CVE-2021-44013, the target must either visit a malicious page or open a malicious JT file.
You can find more information about CVE-2021-44013 in the following references:

- Siemens ProductCERT Advisory: [https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf)
- Zero Day Initiative Advisory: [https://www.zerodayinitiative.com/advisories/ZDI-22-009/](https://www.zerodayinitiative.com/advisories/ZDI-22-009/)
- CISA ICS Advisory: [https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10](https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10)