CVE-2023-38075: Use After Free
First published: Tue Sep 12 2023(Updated: )
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens JT2Go | <14.3.0.1 | |
| Siemens Teamcenter Visualization | >=13.3.0<13.4.0.12 | |
| Siemens Teamcenter Visualization | >=14.0<14.1.0.11 | |
| Siemens Teamcenter Visualization | >=14.2<14.2.0.6 | |
| Siemens Teamcenter Visualization | >=14.3<14.3.0.1 | |
| Siemens Tecnomatix Plant Simulation | >=2201.0<2201.0010 | |
| Siemens Tecnomatix Plant Simulation | >=2302.0<2302.0004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-38075.
What is the severity of CVE-2023-38075?
The severity of CVE-2023-38075 is high with a score of 7.8.
Which software versions are affected by CVE-2023-38075?
JT2Go versions < V14.3.0.1, Teamcenter Visualization V13.3 versions < V13.3.0.12, Teamcenter Visualization V14.0 versions, Teamcenter Visualization V14.1 versions < V14.1.0.11, Teamcenter Visualization V14.2 versions < V14.2.0.6, and Teamcenter Visualization V14.3 versions < V14.3.0.1 are affected by CVE-2023-38075.
What is the Common Vulnerabilities and Exposures (CVE) ID?
The Common Vulnerabilities and Exposures (CVE) ID is CVE-2023-38075.
How can I fix the vulnerability in the affected software?
To fix the vulnerability, update JT2Go to version V14.3.0.1 or later, and update Teamcenter Visualization versions V13.3.0.12, V14.1.0.11, V14.2.0.6, and V14.3.0.1 to their respective latest versions.
- collector/nvd-index
- collector/mitre-cve
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/siemens
- canonical/siemens jt2go
- canonical/siemens teamcenter visualization
- version/siemens teamcenter visualization/13.3.0
- version/siemens teamcenter visualization/14.0
- version/siemens teamcenter visualization/14.2
- version/siemens teamcenter visualization/14.3
- canonical/siemens tecnomatix plant simulation
- version/siemens tecnomatix plant simulation/2201.0
- version/siemens tecnomatix plant simulation/2302.0