ID

VAR-202205-0950


CVE

CVE-2022-29032


TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3134

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29032 // VULMON: CVE-2022-29032

AFFECTED PRODUCTS

vendor: siemens, model: teamcenter visualization, scope: lt, version: 14.0.0.1

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 13.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: gte, version: 14.0

Trust: 1.0

vendor: siemens, model: jt2go, scope: lt, version: 13.3.0.3

Trust: 1.0

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.3.0.3

Trust: 1.0

sources: NVD: CVE-2022-29032

CVSS

SEVERITY

NVD: CVE-2022-29032
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202205-3134
value: HIGH

Trust: 0.6

CVSSV2

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

CVSSV3

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-29032 // CNNVD: CNNVD-202205-3134

PROBLEMTYPE DATA

problemtype: CWE-415

Trust: 1.0

sources: NVD: CVE-2022-29032

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3134

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3134

CONFIGURATIONS

sources: NVD: CVE-2022-29032

PATCH

title: Siemens JT2GO and Siemens Teamcenter Visualization Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192517

Trust: 0.6

sources: CNNVD: CNNVD-202205-3134

EXTERNAL IDS

db: NVD, id: CVE-2022-29032

Trust: 1.7

db: SIEMENS, id: SSA-553086

Trust: 1.6

db: ICS CERT, id: ICSA-22-132-09

Trust: 0.7

db: CS-HELP, id: SB2022051211

Trust: 0.6

db: AUSCERT, id: ESB-2022.2350

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3134

Trust: 0.6

db: VULMON, id: CVE-2022-29032

Trust: 0.1

sources: VULMON: CVE-2022-29032 // NVD: CVE-2022-29032 // CNNVD: CNNVD-202205-3134

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29032/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2350

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051211

Trust: 0.6

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09

Trust: 0.1

sources: VULMON: CVE-2022-29032 // NVD: CVE-2022-29032 // CNNVD: CNNVD-202205-3134

CREDITS

Jin Huang, of ADLab of Venustech, reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202205-3134

SOURCES

db: VULMON, id: CVE-2022-29032
db: NVD, id: CVE-2022-29032
db: CNNVD, id: CNNVD-202205-3134

LAST UPDATE DATE

2023-12-18T11:56:05.382000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2022-29032, date: 2022-05-26T22:45:32.993
db: CNNVD, id: CNNVD-202205-3134, date: 2022-05-30T00:00:00

SOURCES RELEASE DATE

db: NVD, id: CVE-2022-29032, date: 2022-05-20T13:15:15.743
db: CNNVD, id: CNNVD-202205-3134, date: 2022-05-12T00:00:00