Details of VAR-202205-0951

ID

VAR-202205-0951

CVE

CVE-2022-29033

TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3131

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29033 // VULMON: CVE-2022-29033

AFFECTED PRODUCTS

vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	14.0.0.1	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	13.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	gte	version:	14.0	Trust: 1.0
vendor:	siemens	model:	jt2go	scope:	lt	version:	13.3.0.3	Trust: 1.0
vendor:	siemens	model:	teamcenter visualization	scope:	lt	version:	13.3.0.3	Trust: 1.0

sources: NVD: CVE-2022-29033

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-29033
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202205-3131
value:	HIGH
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2022-29033 // CNNVD: CNNVD-202205-3131

PROBLEMTYPE DATA

problemtype:

CWE-824

Trust: 1.0

sources: NVD: CVE-2022-29033

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3131

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3131

CONFIGURATIONS

sources: NVD: CVE-2022-29033

PATCH

title:

Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192514

Trust: 0.6

sources: CNNVD: CNNVD-202205-3131

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29033	Trust: 1.7
db:	SIEMENS	id:	SSA-553086	Trust: 1.6
db:	ICS CERT	id:	ICSA-22-132-09	Trust: 0.7
db:	CS-HELP	id:	SB2022051211	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2350	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3131	Trust: 0.6
db:	VULMON	id:	CVE-2022-29033	Trust: 0.1

sources: VULMON: CVE-2022-29033 // NVD: CVE-2022-29033 // CNNVD: CNNVD-202205-3131

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29033/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2350	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051211	Trust: 0.6
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09	Trust: 0.1

sources: VULMON: CVE-2022-29033 // NVD: CVE-2022-29033 // CNNVD: CNNVD-202205-3131

CREDITS

reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang

Trust: 0.6

sources: CNNVD: CNNVD-202205-3131

SOURCES

db:	VULMON	id:	CVE-2022-29033
db:	NVD	id:	CVE-2022-29033
db:	CNNVD	id:	CNNVD-202205-3131

LAST UPDATE DATE

2023-12-18T11:56:05.418000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2022-29033	date:	2022-05-26T22:43:22.600
db:	CNNVD	id:	CNNVD-202205-3131	date:	2022-05-30T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2022-29033	date:	2022-05-20T13:15:15.790
db:	CNNVD	id:	CNNVD-202205-3131	date:	2022-05-12T00:00:00