First published: Tue Dec 13 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens JT2Go | <14.1.0.6 | |
Siemens Teamcenter Visualization | >=13.2.0<13.2.0.12 | |
Siemens Teamcenter Visualization | >=13.3.0<13.3.0.8 | |
Siemens Teamcenter Visualization | >=14.0<14.0.0.4 | |
Siemens Teamcenter Visualization | >=14.1<14.1.0.6 | |
The severity of CVE-2022-41282 is high with a severity value of 7.8.
JT2Go is affected in all versions below V14.1.0.6, while Teamcenter Visualization V13.2, V13.3, V14.0, and V14.1 are affected in versions below V13.2.0.12, V13.3.0.8, V14.0.0.4, and V14.1.0.6 respectively.
To fix CVE-2022-41282, it is recommended to upgrade to V14.1.0.6 for JT2Go and V13.2.0.12, V13.3.0.8, V14.0.0.4, or V14.1.0.6 for Teamcenter Visualization, depending on the affected version.
The Common Weakness Enumeration (CWE) ID for CVE-2022-41282 is CWE-125.
You can find more information about CVE-2022-41282 at the following reference: https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf