CVE-2023-38072

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)

Overview

CVE ID
CVE-2023-38072

Assigner
siemens

Vulnerability Status
PUBLISHED

Published Version
2023-09-12T09:32:15.739Z

Last Modified Date
2023-11-14T11:03:23.586Z

Weakness Enumerations

CWE	URL
CWE-787	http://cwe.mitre.org/data/definitions/787.html

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-38072
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38072

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 21:09:35				Added to TrackCVE