CVE-2022-41288

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Overview

CVE ID
CVE-2022-41288

Assigner
productcert@siemens.com

Vulnerability Status
Modified

Published Version
2022-12-13T16:15:23

Last Modified Date
2023-04-11T10:15:17

Weakness Enumerations

CWE	URL
CWE-770	http://cwe.mitre.org/data/definitions/770.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:siemens:jt2go:-:::::::*	1	OR
cpe:2.3:a:siemens:teamcenter_visualization::::::::	1	OR	13.2.0	13.2.0.12
cpe:2.3:a:siemens:teamcenter_visualization::::::::	1	OR	13.3.0	13.3.0.8
cpe:2.3:a:siemens:teamcenter_visualization::::::::	1	OR	14.0	14.0.0.4
cpe:2.3:a:siemens:teamcenter_visualization::::::::	1	OR	14.1	14.1.0.6

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-41288
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41288

History

Created	Old Value	New Value	Data Type	Notes
2022-12-13 16:18:30				Added to TrackCVE
2022-12-13 17:21:54	2022-12-13T16:15:23.133	2022-12-13T16:15:23	CVE Published Date	updated
2022-12-13 17:21:54		2022-12-13T16:52:05	CVE Modified Date	updated
2022-12-13 17:21:54	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-14 14:15:11	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-15 19:15:52		2022-12-15T18:23:13	CVE Modified Date	updated
2022-12-15 19:15:52	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-15 19:15:52		CWE-770	Weakness Enumeration	new
2022-12-15 19:15:52			CPE Information	updated
2023-03-14 12:14:50		2023-03-14T10:15:23	CVE Modified Date	updated
2023-03-14 12:14:51	Analyzed	Modified	Vulnerability Status	updated
2023-04-11 12:14:05		2023-04-11T10:15:17	CVE Modified Date	updated
2023-04-11 12:14:08	A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.	A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.	Description	updated