ID
VAR-202102-0320
CVE
CVE-2020-26999
TITLE
JT2Go and Teamcenter Visualization Out-of-bounds read vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12042 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files
Trust: 2.97
AFFECTED PRODUCTS
| vendor: | siemens | model: | jt2go | scope: | - | version: | - | Trust: 1.4 |
| vendor: | siemens | model: | jt2go | scope: | lt | version: | 13.1.0.2 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 13.1.0.2 | Trust: 1.0 |
| vendor: | シーメンス | model: | jt2go | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | teamcenter visualization | scope: | eq | version: | 13.1.0.2 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.0 |
| problemtype: | Out-of-bounds read (CWE-125) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | SSA-663999 Siemens Security Advisory | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | Trust: 0.8 |
| title: | https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04 | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | Trust: 0.7 |
| title: | - | url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | Trust: 0.7 |
| title: | JT2Go Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141294 | Trust: 0.6 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=22012358d4c381f4f14edecd2684a63a | Trust: 0.1 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1c3bdb36e22f42f5b9339f0ff806382c | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-26999 | Trust: 3.9 |
| db: | ZDI | id: | ZDI-21-239 | Trust: 3.2 |
| db: | ZDI | id: | ZDI-21-860 | Trust: 3.2 |
| db: | SIEMENS | id: | SSA-663999 | Trust: 1.7 |
| db: | SIEMENS | id: | SSA-695540 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2020-015931 | Trust: 0.8 |
| db: | ZDI_CAN | id: | ZDI-CAN-12042 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-13418 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2021.1836 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.0495 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-147-04 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-040-06 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202102-873 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2020-26999 | Trust: 0.1 |
REFERENCES
| url: | https://www.zerodayinitiative.com/advisories/zdi-21-239/ | Trust: 2.5 |
| url: | https://www.zerodayinitiative.com/advisories/zdi-21-860/ | Trust: 2.5 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | Trust: 2.4 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf | Trust: 1.7 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04 | Trust: 1.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-26999 | Trust: 0.8 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-147-04https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf | Trust: 0.7 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.0495 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.1836 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/125.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Mat Powell of Trend Micro Zero Day Initiative
Trust: 1.3
SOURCES
| db: | ZDI | id: | ZDI-21-239 |
| db: | ZDI | id: | ZDI-21-860 |
| db: | VULMON | id: | CVE-2020-26999 |
| db: | JVNDB | id: | JVNDB-2020-015931 |
| db: | NVD | id: | CVE-2020-26999 |
| db: | CNNVD | id: | CNNVD-202102-873 |
LAST UPDATE DATE
2023-12-18T11:15:24.020000+00:00
SOURCES UPDATE DATE
| db: | ZDI | id: | ZDI-21-239 | date: | 2021-06-08T00:00:00 |
| db: | ZDI | id: | ZDI-21-860 | date: | 2021-07-19T00:00:00 |
| db: | VULMON | id: | CVE-2020-26999 | date: | 2021-07-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015931 | date: | 2021-10-25T07:17:00 |
| db: | NVD | id: | CVE-2020-26999 | date: | 2022-02-22T14:17:16.100 |
| db: | CNNVD | id: | CNNVD-202102-873 | date: | 2021-07-20T00:00:00 |
SOURCES RELEASE DATE
| db: | ZDI | id: | ZDI-21-239 | date: | 2021-02-24T00:00:00 |
| db: | ZDI | id: | ZDI-21-860 | date: | 2021-07-19T00:00:00 |
| db: | VULMON | id: | CVE-2020-26999 | date: | 2021-02-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015931 | date: | 2021-10-25T00:00:00 |
| db: | NVD | id: | CVE-2020-26999 | date: | 2021-02-09T17:15:13.843 |
| db: | CNNVD | id: | CNNVD-202102-873 | date: | 2021-02-09T00:00:00 |