First published: Tue Dec 13 2022(Updated: )
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens JT2Go | ||
Siemens Teamcenter Visualization | >=13.2.0<13.2.0.12 | |
Siemens Teamcenter Visualization | >=13.3.0<13.3.0.8 | |
Siemens Teamcenter Visualization | >=14.0<14.0.0.4 | |
Siemens Teamcenter Visualization | >=14.1<14.1.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-41280.
JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).
The severity of CVE-2022-41280 is medium with a severity value of 3.3.
Update your JT2Go and Teamcenter Visualization software to versions V14.1.0.6, V13.2.0.12, V13.3.0.8, V14.0.0.4, and V14.1.0.6 respectively.
You can find more information about this vulnerability in the Siemens Product Certificates website: https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf.