Sign-up

ID

VAR-202108-1313


CVE

CVE-2021-33717


TITLE

JT2Go  and  Teamcenter Visualization  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-010199

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. JT2Go and Teamcenter Visualization for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-33717

AFFECTED PRODUCTS

vendor:siemensmodel:jt2goscope:ltversion:13.2.0.1

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.2.0.1

Trust: 1.0

vendor:シーメンスmodel:teamcenter visualizationscope:eqversion:13.2.0.1

Trust: 0.8

vendor:シーメンスmodel:jt2goscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-33717
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-968
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33717
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2021-33717
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-33717
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-968

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-968

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-33717

PATCH
title:SSA-365397url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf
Trust: 0.8
title:JT2Go  and Teamcenter Visualization Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159361
Trust: 0.6
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b2237aa5ac819041f827cc4fd4128631
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33717 // 
            
            
            
            JVNDB: JVNDB-2021-010199 // 
            
            
            
            CNNVD: CNNVD-202108-968

EXTERNAL IDS
db:NVDid:CVE-2021-33717
Trust: 3.3
db:SIEMENSid:SSA-365397
Trust: 1.7
db:ICS CERTid:ICSA-21-222-01
Trust: 1.4
db:JVNid:JVNVU99791395
Trust: 0.8
db:JVNDBid:JVNDB-2021-010199
Trust: 0.8
db:CS-HELPid:SB2021041363
Trust: 0.6
db:CNNVDid:CNNVD-202104-975
Trust: 0.6
db:CS-HELPid:SB2021081108
Trust: 0.6
db:AUSCERTid:ESB-2021.2700
Trust: 0.6
db:CNNVDid:CNNVD-202108-968
Trust: 0.6
db:VULMONid:CVE-2021-33717
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33717 // 
            
            
            
            JVNDB: JVNDB-2021-010199 // 
            
            
            
            NVD: CVE-2021-33717 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202108-968

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf
Trust: 1.7
url:https://jvn.jp/vu/jvnvu99791395/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-33717
Trust: 0.8
url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-222-01
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2021041363
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021081108
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.2700
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/476.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33717 // 
            
            
            
            JVNDB: JVNDB-2021-010199 // 
            
            
            
            NVD: CVE-2021-33717 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202108-968

CREDITS
Kai Wang from Codesafe Team of Legendsec at Qi’anxin Group, and Open Design Alliance reported these vulnerabilities to CISA.,Mat Powell and Brian Gorenc of Trend Micro’s Zero Day Initiative
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202108-968

SOURCES
db:VULMONid:CVE-2021-33717
db:JVNDBid:JVNDB-2021-010199
db:NVDid:CVE-2021-33717
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202108-968

LAST UPDATE DATE
2023-12-18T11:52:36.043000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-33717date:2021-08-18T00:00:00
db:JVNDBid:JVNDB-2021-010199date:2022-06-24T02:36:00
db:NVDid:CVE-2021-33717date:2021-08-18T13:46:06.787
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202108-968date:2021-08-19T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-33717date:2021-08-10T00:00:00
db:JVNDBid:JVNDB-2021-010199date:2022-06-24T00:00:00
db:NVDid:CVE-2021-33717date:2021-08-10T11:15:09.040
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202108-968date:2021-08-10T00:00:00