SSA-959281 — Vulnetix

SSA-959281 PUBLISHED CVSS 3.299999952316284 LOW

Siemens Teamcenter Visualization and JT2Go are affected by stack buffer overflow and null pointer dereference vulnerabilities that could be triggered while parsing XML file. If a user is tricked to open a malicious XML file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS v3.1

3.299999952316284

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
	Teamcenter Visualization V14.3
	JT2Go
	Teamcenter Visualization V2406
	Teamcenter Visualization V2312
	Teamcenter Visualization V14.2

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-959281.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-959281.json advisory

Open in Interactive Console →