Details of VAR-202101-0342

ID

VAR-202101-0342

CVE

CVE-2020-26981

TITLE

JT2Go and Teamcenter Visualization In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-015263

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890). JT2Go and Teamcenter Visualization Has XML An external entity vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11890 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLMXML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

Trust: 2.79

sources: NVD: CVE-2020-26981 // JVNDB: JVNDB-2020-015263 // ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-02590

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.1.0	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	13.1.0	Trust: 1.0
vendor:	シーメンス	model:	teamcenter visualization	scope:	eq	version:	13.1.0	Trust: 0.8
vendor:	シーメンス	model:	jt2go	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	jt2go	scope:	-	version:	-	Trust: 0.7
vendor:	siemens	model:	jt2go	scope:	lt	version:	v13.1.0	Trust: 0.6
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	v13.1.0	Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // NVD: CVE-2020-26981

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26981
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-26981
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2020-26981
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2021-02590
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-923
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-26981
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-02590
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26981
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-26981
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-26981
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923 // NVD: CVE-2020-26981

PROBLEMTYPE DATA

problemtype:	CWE-611	Trust: 1.0
problemtype:	XML Improper restrictions on external entity references (CWE-611) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015263 // NVD: CVE-2020-26981

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-923

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-923

PATCH

title:	SSA-622830	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf	Trust: 0.8
title:	Siemens has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/	Trust: 0.7
title:	Patch for JT2Go and Teamcenter VisualizationXML External Entity Reference Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/244006	Trust: 0.6
title:	Siemens Jt2go and Siemens Teamcenter Visualization Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138851	Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26981	Trust: 3.7
db:	ZDI	id:	ZDI-21-048	Trust: 3.1
db:	SIEMENS	id:	SSA-622830	Trust: 2.2
db:	JVN	id:	JVNVU91685542	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-015263	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-11890	Trust: 0.7
db:	CNVD	id:	CNVD-2021-02590	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0125	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-012-03	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-923	Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923 // NVD: CVE-2020-26981

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-048/	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26981	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91685542/	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/	Trust: 0.7
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0125/	Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923 // NVD: CVE-2020-26981

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-21-048

SOURCES

db:	ZDI	id:	ZDI-21-048
db:	CNVD	id:	CNVD-2021-02590
db:	JVNDB	id:	JVNDB-2020-015263
db:	CNNVD	id:	CNNVD-202101-923
db:	NVD	id:	CVE-2020-26981

LAST UPDATE DATE

2024-08-14T12:23:14.263000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-048	date:	2021-01-14T00:00:00
db:	CNVD	id:	CNVD-2021-02590	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-015263	date:	2021-09-15T08:33:00
db:	CNNVD	id:	CNNVD-202101-923	date:	2021-02-24T00:00:00
db:	NVD	id:	CVE-2020-26981	date:	2021-02-23T13:50:30.917

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-048	date:	2021-01-14T00:00:00
db:	CNVD	id:	CNVD-2021-02590	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-015263	date:	2021-09-15T00:00:00
db:	CNNVD	id:	CNNVD-202101-923	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-26981	date:	2021-01-12T21:15:16.683