First published: Tue Dec 13 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability that is triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens JT2Go | <14.1.0.6 | |
Siemens Teamcenter Visualization | >=13.2.0, <13.2.0.12 | |
Siemens Teamcenter Visualization | >=13.3.0, <13.3.0.8 | |
Siemens Teamcenter Visualization | >=14.0, <14.0.0.4 | |
Siemens Teamcenter Visualization | >=14.1, <14.1.0.6 | |
CVE-2022-41278 is a vulnerability identified in JT2Go (All versions < V14.1.0.6) and Teamcenter Visualization V13.2 (All versions < V13.2.0.12), V13.3 (All versions < V13.3.0.8), V14.0 (All versions < V14.0.0.4), and V14.1 (All versions < V14.1.0.6).
The severity of CVE-2022-41278 is medium, with a severity value of 3.3.
JT2Go (All versions < V14.1.0.6) and Teamcenter Visualization V13.2 (All versions < V13.2.0.12), V13.3 (All versions < V13.3.0.8), V14.0 (All versions < V14.0.0.4), and V14.1 (All versions < V14.1.0.6) are affected by CVE-2022-41278.
To fix CVE-2022-41278, update to JT2Go version V14.1.0.6 or higher, or update to Teamcenter Visualization V13.2.0.12 or higher for V13.2, V13.3.0.8 or higher for V13.3, V14.0.0.4 or higher for V14.0, and V14.1.0.6 or higher for V14.1.
More information about CVE-2022-41278 can be found at the Siemens ProductCERT website: https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf