Sign-up

ID

VAR-202205-0952


CVE

CVE-2022-29028


TITLE

Siemens JT2GO and Siemens Teamcenter Visualization Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

DESCRIPTION

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization

Trust: 0.99

sources: NVD: CVE-2022-29028 // VULMON: CVE-2022-29028

AFFECTED PRODUCTS

vendor:siemensmodel:teamcenter visualizationscope:ltversion:14.0.0.1

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.3

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:jt2goscope:ltversion:13.3.0.3

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.3.0.3

Trust: 1.0

sources: NVD: CVE-2022-29028

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-29028
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-3138
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-29028 // CNNVD: CNNVD-202205-3138

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.0

sources: NVD: CVE-2022-29028

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3138

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-29028

PATCH
title:Siemens JT2GO  and Siemens Teamcenter Visualization Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194238
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202205-3138

EXTERNAL IDS
db:NVDid:CVE-2022-29028
Trust: 1.7
db:SIEMENSid:SSA-553086
Trust: 1.6
db:ICS CERTid:ICSA-22-132-09
Trust: 0.7
db:CS-HELPid:SB2022051211
Trust: 0.6
db:AUSCERTid:ESB-2022.2350
Trust: 0.6
db:CNNVDid:CNNVD-202205-3138
Trust: 0.6
db:VULMONid:CVE-2022-29028
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-29028 // 
            
            
            
            NVD: CVE-2022-29028 // 
            
            
            
            CNNVD: CNNVD-202205-3138

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf
Trust: 1.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.2350
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2022051211
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-29028/
Trust: 0.6
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-09
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-29028 // 
            
            
            
            NVD: CVE-2022-29028 // 
            
            
            
            CNNVD: CNNVD-202205-3138

CREDITS
reported these vulnerabilities to CISA., of ADLab of Venustech,Jin Huang
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202205-3138

SOURCES
db:VULMONid:CVE-2022-29028
db:NVDid:CVE-2022-29028
db:CNNVDid:CNNVD-202205-3138

LAST UPDATE DATE
2023-12-18T11:56:05.528000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2022-29028date:2022-05-26T16:19:56.143
db:CNNVDid:CNNVD-202205-3138date:2022-05-30T00:00:00

SOURCES RELEASE DATE
db:NVDid:CVE-2022-29028date:2022-05-20T13:15:15.550
db:CNNVDid:CNNVD-202205-3138date:2022-05-12T00:00:00