ID

VAR-202108-1313


CVE

CVE-2021-33717


TITLE

NULL pointer dereference vulnerability in JT2Go and Teamcenter Visualization

Trust: 0.8

sources: JVNDB: JVNDB-2021-010199

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM files, a NULL pointer dereference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. JT2Go and Teamcenter Visualization contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.25

sources: NVD: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-33717

AFFECTED PRODUCTS

vendor: siemens, model: jt2go, scope: lt, version: 13.2.0.1

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.2.0.1

Trust: 1.0

vendor: Siemens, model: teamcenter visualization, scope: eq, version: 13.2.0.1

Trust: 0.8

vendor: Siemens, model: jt2go, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-33717
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-968
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33717
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2021-33717
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-33717
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-968

PROBLEMTYPE DATA

problemtype: CWE-476

Trust: 1.0

problemtype: NULL pointer dereference (CWE-476) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-968

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-33717

PATCH

title: SSA-365397, url: https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.8

title: JT2Go and Teamcenter Visualization Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159361

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b2237aa5ac819041f827cc4fd4128631

Trust: 0.1

sources: VULMON: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // CNNVD: CNNVD-202108-968

EXTERNAL IDS

db: NVD, id: CVE-2021-33717

Trust: 3.3

db: SIEMENS, id: SSA-365397

Trust: 1.7

db: ICS CERT, id: ICSA-21-222-01

Trust: 1.4

db: JVN, id: JVNVU99791395

Trust: 0.8

db: JVNDB, id: JVNDB-2021-010199

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021081108

Trust: 0.6

db: AUSCERT, id: ESB-2021.2700

Trust: 0.6

db: CNNVD, id: CNNVD-202108-968

Trust: 0.6

db: VULMON, id: CVE-2021-33717

Trust: 0.1

sources: VULMON: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-968

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.7

url:https://jvn.jp/vu/jvnvu99791395/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-33717

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-222-01

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2700

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/476.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt

Trust: 0.1

sources: VULMON: CVE-2021-33717 // JVNDB: JVNDB-2021-010199 // NVD: CVE-2021-33717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-968

CREDITS

Kai Wang from Codesafe Team of Legendsec at Qi’anxin Group, and Open Design Alliance reported these vulnerabilities to CISA. Mat Powell and Brian Gorenc of Trend Micro’s Zero Day Initiative

Trust: 0.6

sources: CNNVD: CNNVD-202108-968

SOURCES

db: VULMON, id: CVE-2021-33717
db: JVNDB, id: JVNDB-2021-010199
db: NVD, id: CVE-2021-33717
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-968

LAST UPDATE DATE

2023-12-18T11:52:36.043000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-33717, date: 2021-08-18T00:00:00
db: JVNDB, id: JVNDB-2021-010199, date: 2022-06-24T02:36:00
db: NVD, id: CVE-2021-33717, date: 2021-08-18T13:46:06.787
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-968, date: 2021-08-19T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-33717, date: 2021-08-10T00:00:00
db: JVNDB, id: JVNDB-2021-010199, date: 2022-06-24T00:00:00
db: NVD, id: CVE-2021-33717, date: 2021-08-10T11:15:09.040
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-968, date: 2021-08-10T00:00:00