VDB
SSA-938030
SSA-938030
PUBLISHED
CVSS 7.800000190734863 HIGH
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products. Note: - This advisory also covers security vulnerabilities recently disclosed by Open Design Alliance [0] [0] https://www.opendesign.com/security-advisories
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| JT2Go | ||
| Teamcenter Visualization |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf (circl)
- https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-938030.json (circl)
- https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html (circl)
Timeline
- CVE Published
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-938030.json advisory
- https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html fix