CVE-2024-37996: Null Pointer Dereference
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JT Open | <V11.5 | |
| Siemens JT2Go | <V2406.0003 | |
| Siemens PLM XML SDK | <V7.1.0.014 | |
| Siemens Teamcenter Visualization | <V14.2.0.13 | |
| Siemens Teamcenter Visualization | <V14.3.0.11 | |
| Siemens Teamcenter Visualization | <V2312.0008 | |
| Siemens Teamcenter Visualization | <V2406.0003 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-37996?
CVE-2024-37996 has been classified with a high severity rating due to potential risks associated with affected versions.
How do I fix CVE-2024-37996?
To remediate CVE-2024-37996, users should upgrade to the latest versions of the affected software as specified by Siemens.
Which software products are impacted by CVE-2024-37996?
CVE-2024-37996 affects JT Open, JT2Go, PLM XML SDK, and several versions of Teamcenter Visualization.
What versions should I be aware of in relation to CVE-2024-37996?
Users should note that all versions of JT Open below V11.5, JT2Go below V2406.0003, PLM XML SDK below V7.1.0.014, and specific Teamcenter Visualization versions prior to their respective security updates are impacted.
Is there a patch available for CVE-2024-37996?
Yes, Siemens has released patches for CVE-2024-37996, and users should apply the patches corresponding to their specific software versions.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/references
- collector/nvd-api
- source/NVD
- agent/description
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/jt open
- canonical/jt open
- vendor/siemens
- canonical/siemens jt2go
- canonical/siemens plm xml sdk
- canonical/siemens teamcenter visualization