ID

VAR-202101-0342


CVE

CVE-2020-26981


TITLE

JT2Go  and  Teamcenter Visualization  In  XML  External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-015263

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890). JT2Go and Teamcenter Visualization Has XML An external entity vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11890 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLMXML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML and existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their product lifecycle management (PLM) environment. The software enables corporate users to access documents, 2D drawings and 3D models in a single environment

Trust: 2.79

sources: NVD: CVE-2020-26981 // JVNDB: JVNDB-2020-015263 // ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-02590

AFFECTED PRODUCTS

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.1.0

Trust: 1.0

vendor:siemensmodel:jt2goscope:ltversion:13.1.0

Trust: 1.0

vendor:シーメンスmodel:teamcenter visualizationscope:eqversion:13.1.0

Trust: 0.8

vendor:シーメンスmodel:jt2goscope: - version: -

Trust: 0.8

vendor:siemensmodel:jt2goscope: - version: -

Trust: 0.7

vendor:siemensmodel:jt2goscope:ltversion:v13.1.0

Trust: 0.6

vendor:siemensmodel:teamcenter visualizationscope:ltversion:v13.1.0

Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // NVD: CVE-2020-26981

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26981
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26981
value: MEDIUM

Trust: 0.8

ZDI: CVE-2020-26981
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2021-02590
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202101-923
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-26981
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-02590
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-26981
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-26981
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-26981
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923 // NVD: CVE-2020-26981

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.0

problemtype:XML Improper restrictions on external entity references (CWE-611) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015263 // NVD: CVE-2020-26981

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-923

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-923

PATCH

title:SSA-622830url:https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf

Trust: 0.8

title:Siemens has issued an update to correct this vulnerability.url:https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/

Trust: 0.7

title:Patch for JT2Go and Teamcenter VisualizationXML External Entity Reference Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/244006

Trust: 0.6

title:Siemens Jt2go and Siemens Teamcenter Visualization Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138851

Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923

EXTERNAL IDS

db:NVDid:CVE-2020-26981

Trust: 3.7

db:ZDIid:ZDI-21-048

Trust: 3.1

db:SIEMENSid:SSA-622830

Trust: 2.2

db:JVNid:JVNVU91685542

Trust: 0.8

db:JVNDBid:JVNDB-2020-015263

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11890

Trust: 0.7

db:CNVDid:CNVD-2021-02590

Trust: 0.6

db:AUSCERTid:ESB-2021.0125

Trust: 0.6

db:ICS CERTid:ICSA-21-012-03

Trust: 0.6

db:CNNVDid:CNNVD-202101-923

Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923 // NVD: CVE-2020-26981

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-048/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26981

Trust: 1.4

url:https://jvn.jp/vu/jvnvu91685542/

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03/

Trust: 0.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0125/

Trust: 0.6

sources: ZDI: ZDI-21-048 // CNVD: CNVD-2021-02590 // JVNDB: JVNDB-2020-015263 // CNNVD: CNNVD-202101-923 // NVD: CVE-2020-26981

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-21-048

SOURCES

db:ZDIid:ZDI-21-048
db:CNVDid:CNVD-2021-02590
db:JVNDBid:JVNDB-2020-015263
db:CNNVDid:CNNVD-202101-923
db:NVDid:CVE-2020-26981

LAST UPDATE DATE

2024-08-14T12:23:14.263000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-048date:2021-01-14T00:00:00
db:CNVDid:CNVD-2021-02590date:2021-01-13T00:00:00
db:JVNDBid:JVNDB-2020-015263date:2021-09-15T08:33:00
db:CNNVDid:CNNVD-202101-923date:2021-02-24T00:00:00
db:NVDid:CVE-2020-26981date:2021-02-23T13:50:30.917

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-048date:2021-01-14T00:00:00
db:CNVDid:CNVD-2021-02590date:2021-01-13T00:00:00
db:JVNDBid:JVNDB-2020-015263date:2021-09-15T00:00:00
db:CNNVDid:CNNVD-202101-923date:2021-01-12T00:00:00
db:NVDid:CVE-2020-26981date:2021-01-12T21:15:16.683